VARIoT IoT vulnerabilities database

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. D-LinkDWR-932Brouter is a wireless router product from D-Link. A security vulnerability exists in the D-Link DWR-932B router using firmware version 02.02eu. An attacker could exploit the vulnerability to bypass security restrictions. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks

An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. D-LinkDWR-932Brouter is a wireless router product from D-Link. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks

An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. D-LinkDWR-932B has an input validation vulnerability that allows remote attackers to exploit a vulnerability to submit a special request and execute arbitrary commands. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks

An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal. D-LinkDWR-932B has a directory traversal vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to read arbitrary file content. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks

An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. D-Link DWR-932B The router has /var/miniupnpd.conf In secure_mode=no There are vulnerabilities that contain rows.It may be affected unspecified. A security vulnerability exists in the D-LinkDWR-932B/var/miniupnpd.conf device that allows remote attackers to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. This may lead to further attacks. A security vulnerability exists in D-Link DWR-932B routers using firmware version 02.02eu

An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules. D-Link DWR-932B The router has /var/miniupnpd.conf In no deny A vulnerability exists that contains rules.It may be affected unspecified. A security vulnerability exists in the D-LinkDWR-932B/var/miniupnpd.conf device that allows remote attackers to exploit vulnerabilities to bypass security restrictions and perform unauthorized operations. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. This may lead to further attacks. An attacker could exploit this vulnerability to affect the integrity, confidentiality, and availability of data

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network. A security vulnerability exists in ASUSRT-N56UWirelessRouter using firmware version 3.0.0.4.374_979. An attacker could exploit the vulnerability to cause the device's WAN connection to crash, the network to fail to connect, and a denial of service. ASUS RT-N56U is prone to an unspecified denial-of-service vulnerability

An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal. D-Link DWR-932B Router qmiweb In .. D-LinkDWR-932B handles a security vulnerability in %2f that allows remote attackers to exploit a vulnerability to submit a special request to read arbitrary file content. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks. D-Link DWR-932B routers with firmware version 02.02eu have a path traversal vulnerability

An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607. D-LinkDWR-932Brouter is a wireless router product from D-Link. A security hole exists in the D-Link DWR-932B router using firmware version 02.02eu. An attacker could exploit the vulnerability to bypass authentication and perform unauthorized operations. Dlink DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to bypass certain security restrictions to perform unauthorized actions, bypass-authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks

Micro-farming remote control smart lock system is a kind of smart card identification (including proximity card, IC card, TM card, etc.). The micro-farming remote lock smart lock system has a design loophole when used in conjunction with the micro-farming WG2082 mobile phone APP door lock controller, which can be remotely replayed and the lock can be arbitrarily opened or closed.

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. DellSonicWallSecureRemoteAccess is a SonicWALL Secure Remote Access Series appliance in the DellSonicWall Secure Mobile Access Solution. Dell SonicWall Secure Remote Access is prone to multiple command-injection vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected application. Failed exploit attempts will result in a denial-of-service condition

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. DellSonicWallSecureRemoteAccess is a SonicWALL Secure Remote Access Series appliance in the DellSonicWall Secure Mobile Access Solution. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected application. Failed exploit attempts will result in a denial-of-service condition

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. DellSonicWallSecureRemoteAccess is a SonicWALL Secure Remote Access Series appliance in the DellSonicWall Secure Mobile Access Solution. Exploiting these issues could allow an attacker to execute arbitrary commands in context of the affected application. Failed exploit attempts will result in a denial-of-service condition

Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. IBM BladeCenter Advanced Management Module is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. IBM BladeCenter Advanced Management Module running firmware versions prior to 3.66z are vulnerable. IBM BladeCenter Systems is a high-performance blade server system developed by IBM Corporation in the United States

An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a a denial-of-service condition. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0 to 12.1.1; BIG-IP AAM version 12.0.0 to 12.1.1; BIG-IP AFM version 12.0.0 to 12.1.1; BIG-IP Analytics version 12.0.0 through 12.1.1; BIG-IP APM version 12.0.0 through 12.1.1; BIG-IP ASM version 12.0.0 through 12.1.1; BIG-IP DNS version 12.0.0 to version 12.1.1; BIG-IP Link Controller version 12.0.0 to version 12.1.1; BIG-IP PEM version 12.0.0 to version 12.1.1; BIG-IP WebSafe version 12.0.0 to version 12.1.1

Modicon M218 is a compact programmable logic controller produced by Schneider Electric of France. Schneider Electric M218 TCP / IP protocol stack has a denial of service vulnerability. Due to sending an abnormal IP packet with an IP header to the M218 (IP_Total_Length field is 0 and IP_Protocol field is 6), the M218 protocol stack may crash and lose its response. Restart the power before returning to normal.

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Lenovo63 and so on are all computers of China Lenovo. The LenovoEdgeUSBKeyboardDriver (aka LenovoSlimUSBKeyboard or LenovoLowProfileKeyboard) is one of the keyboard input drivers. The following products are affected: Lenovo Edge Keyboard Driver 1.20 and prior. Lenovo Slim USB Keyboard Driver 1.20 and prior

An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. BeldenHirschmannGECKOLiteManagedSwitch is a switch product from Belden Corporation of the United States. An information disclosure vulnerability exists in BeldenHirschmannGECKOLiteManagedSwitch 2.0.00 and earlier. An attacker could exploit this vulnerability to obtain sensitive information. This may result in further attacks

An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). Eaton ePDUs EAMxxx is a rack power distribution unit module from Eaton Corporation of the United States. Multiple Eaton ePDU products are prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. A path traversal vulnerability exists in several Eaton ePDUs

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. OpenSSL There is a service disruption ( crash ) There are vulnerabilities that are put into a state.Service operation interruption ( crash ) There is a possibility of being put into a state. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Versions prior to OpenSSL 1.1.0d and 1.0.2k are vulnerable. OpenSSL Security Advisory [27 Mar 2018] ======================================== Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739) ========================================================================================== Severity: Moderate Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. OpenSSL 1.1.0 users should upgrade to 1.1.0h OpenSSL 1.0.2 users should upgrade to 1.0.2o This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project. The fix was developed by Matt Caswell of the OpenSSL development team. Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) ======================================================== Severity: Moderate Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. OpenSSL 1.1.0 users should upgrade to 1.1.0h This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM). The fix was developed by Andy Polyakov of the OpenSSL development team. rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) ========================================================= Severity: Low This issue has been reported in a previous OpenSSL security advisory and a fix was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at that time for OpenSSL 1.1.0. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). OpenSSL 1.1.0 users should upgrade to 1.1.0h OpenSSL 1.0.2 users should upgrade to 1.0.2n This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin (Google). The issue was originally found via the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20180327.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . Background ========== A fast, multi-threaded, multi-user SQL database server. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03158061 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03158061 Version: 1 MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-05-09 Last Updated: 2018-05-09 Potential Security Impact: Remote: Disclosure of Information Source: Micro Focus, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Service Manager. These vulnerabilities have been identified in the OpenSSL open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information. References: - CVE-2017-3731 - CVE-2017-3732 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Service Manager Software - v9.30, v9.31, v9.32, v9.33, v9.34, v9.35, v9.40, v9.41, v9.50, v9.51 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector RESOLUTION MicroFocus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager: For versions 9.30, 9.31, 9.32, 9.33, 9.34.9.35 please upgrade to SM 9.35.P6: SM9.35 P6 packages, SM 9.35 AIX Server 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00916> SM 9.35 HP Itanium Server 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00917> SM 9.35 HP Itanium Server for Oracle 12c 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00918> SM 9.35 Linux Server 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00919> SM 9.35 Solaris Server 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00920> SM 9.35 Windows Server 9.35.6007 p6 <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00921> For version 9.40, 9.41 please upgrade to SM 9.41.P6: SM9.41.P6 packages, Service Manager 9.41.6000 p6 - Server for AIX <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00891> Service Manager 9.41.6000 p6 - Server for HP-UX/IA <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00892> Service Manager 9.41.6000 p6 - Server for Linux <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00893> Service Manager 9.41.6000 p6 - Server for Solaris <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00894> Service Manager 9.41.6000 p6 - Server for Windows <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00895> For version 9.50, 9.51 Server and KM components please upgrade to SM 9.52.P2: SM9.52.P2 packages, Service Manager 9.52.2021 p2 - Server for Windows <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00906> Service Manager 9.52.2021 p2 - Server for Linux <http://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/- facetsearch/document/LID/HPSM_00907> HISTORY Version:1 (rev.1) - 9 May 2018 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to cyber-psrt@microfocus.com. Report: To report a potential security vulnerability for any supported product: Web form: https://www.microfocus.com/support-and-services/report-security Email: security@microfocus.com Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.hpe.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.hpe.com/security-vulnerability Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin. 3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2017 EntIT Software LLC Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: February 14, 2017 Bugs: #607318 ID: 201702-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2k >= 1.0.2k Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker is able to crash applications linked against OpenSSL or could obtain sensitive private-key information via an attack against the Diffie-Hellman (DH) ciphersuite. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2k" References ========== [ 1 ] CVE-2016-7055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7055 [ 2 ] CVE-2017-3730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3730 [ 3 ] CVE-2017-3731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3731 [ 4 ] CVE-2017-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3732 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201702-07 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --6TxcaqolfH5V8d0tqHGgGlj1v2tmUA9I9-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2018:2575-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2018:2575 Issue date: 2018-08-28 CVE Names: CVE-2016-0705 CVE-2017-3732 CVE-2017-3736 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-12539 ==================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix(es): * IBM JDK: privilege escalation via insufficiently restricted access to Attach API (CVE-2018-12539) * openssl: BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732) * openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * IBM JDK: DoS in the java.math component (CVE-2018-1517) * IBM JDK: path traversal flaw in the Diagnostic Tooling Framework (CVE-2018-1656) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenSSL: Double-free in DSA code (CVE-2016-0705) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the OpenSSL project for reporting CVE-2016-0705. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 1509169 - CVE-2017-3736 openssl: bn_sqrx8x_internal carry bug on x86_64 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1618767 - CVE-2018-12539 IBM JDK: privilege escalation via insufficiently restricted access to Attach API 1618869 - CVE-2018-1656 IBM JDK: path traversal flaw in the Diagnostic Tooling Framework 1618871 - CVE-2018-1517 IBM JDK: DoS in the java.math component 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.8.0-ibm-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm ppc64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.ppc64.rpm s390x: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.s390x.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.i686.rpm x86_64: java-1.8.0-ibm-jdbc-1.8.0.5.20-1jpp.1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0705 https://access.redhat.com/security/cve/CVE-2017-3732 https://access.redhat.com/security/cve/CVE-2017-3736 https://access.redhat.com/security/cve/CVE-2018-1517 https://access.redhat.com/security/cve/CVE-2018-1656 https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-12539 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW4WgLdzjgjWX9erEAQixyw//d2pemlb2TNR2kW3WlrxY0KBjUBM+PS4i bQ8+SoNsct2XtVFq0oOfwAmYMn++pAY37yvvhUdefe5sAcUldDcJtLIgXbtISSXe V5EdrLvQbv/rSxikOfccFzNI8GwJTgGiLpq8n9exHcSsY5cZevzukgRr6b+yQbnj mcYEC3TB/CnulDac/Pt0VsS9AoFhwuX958/+EQdpMq1yOGqog6eM8U6x2btA4YSi mcVD2hom6GuYMKq0oWDPWPry5hJePvbPM6GZw8pYdRvA1eKjp24M3mkWkkIEFw6U aZCW6YXJuwMMJ4IYbF1Aofm3ab+R1VZXmPvzMHXRhVcRyZLvBzo1fZaw7ISX1ibV FimDRrXLIJDudoS80DMVmbgQTL37U6pGAe6gV2JLtvtEZl02Sxq5PeRfuMME4qeP rT+xyz0zjyIqTpxhAzAQJ28ZCrWDvRycCT5ZLwaPfxZ0+4cY1l58TMfYpdwIKJSC M8HQccrNxQ8S/kSKexIT18mSQcMwOhDza6gV4hSiOQgI/xHW3sic78a7/74JnSBT DgZuicAq73IWdYu67B04UzsZNsySSW6vs3BeYdfN5BnmK40NxrH5d5LMRV4xKmN+ HlkzX1CrDCBl9PtbQF0xpUGluvXCg1u2kzGHj4Dv7JP64bV1wXmLm5kwrPL/QZhv 8IL8kIZinC8=eoiE -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3181-1 January 31, 2017 openssl vulnerabilities =========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. (CVE-2016-2177) It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-7055) It was discovered that OpenSSL did not properly use constant-time operations when performing ECDSA P-256 signing. A remote attacker could possibly use this issue to perform a timing attack and recover private ECDSA keys. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-7056) Shi Lei discovered that OpenSSL incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause OpenSSL to stop responding, resulting in a denial of service. (CVE-2016-8610) Robert =C5=9Awi=C4=99cki discovered that OpenSSL incorrectly handled certain truncated packets. While unlikely, a remote attacker could possibly use this issue to recover private keys. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2017-3732) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libssl1.0.0 1.0.2g-1ubuntu9.1 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.6 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.22 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.39 After a standard system update you need to reboot your computer to make all the necessary changes