VARIoT IoT vulnerabilities database
| VAR-201508-0009 | CVE-2010-5307 | Vulnerability in the HIPAA configuration interface of GE Healthcare Optima MR360 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device
| VAR-201508-0011 | CVE-2010-5309 | GE Healthcare CADStream Server Vulnerability in |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
GE Healthcare CADStream Server has built-in accounts. The admin account uses the password 'confirma', allowing remote attackers to use these accounts to control the device.
An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device
| VAR-201508-0310 | CVE-2015-2871 | Chiyu Technology fingerprint access control contains multiple vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. Chiyu fingerprint access-control systems contain a vulnerability that allows authentication to be bypassed and the communication configuration to be (1) read or (2) modified. The Chiyu BF-660C is a networked fingerprint access control and attendance machine from Chiyu. The Chiyu BF-660C fingerprint access-control device has a security hole.
An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
| VAR-202003-1194 | CVE-2015-5684 | Classic buffer overflow vulnerability in Lenovo Service Engine |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. Lenovo Service Engine (LSE) contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Multiple products are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition
| VAR-201508-0616 | CVE-2015-5618 | Chiyu Technology fingerprint access control contains multiple vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. Multiple models of Chiyu Technology fingerprint access control devices contain a cross-site scripting (XSS) vulnerability and an authentication bypass vulnerability. Chiyu BF-630 and BF-630W are network fingerprint access controllers from Chiyu. There are security holes in the Chiyu BF-630 and BF-630W fingerprint access-control devices.
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions on the affected device. This may aid in further attacks
| VAR-201508-0309 | CVE-2015-2870 | Chiyu Technology fingerprint access control contains multiple vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine.
An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
| VAR-201508-0601 | CVE-2015-2890 | BIOS implementations fail to properly set UEFI write protections after waking from sleep mode |
CVSS V2: 7.2 CVSS V3: 6.0 Severity: MEDIUM |
The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. Multiple BIOS implementations fail to properly set write protections after waking from sleep, leading to the possibility of an arbitrary BIOS image reflash. The BIOS implementation in the firmware of multiple Dell devices does not apply the BIOS_CNTL locking protection mechanism when waking from sleep, which allows an EFI flash attack to be carried out. This vulnerability is a similar issue to CVE-2015-3692. Supplementary information: the vulnerability type has been identified as CWE-17: Code (http://cwe.mitre.org/data/definitions/17.html). A local user with console access may perform an EFI flash attack. Dell Latitude and others are products of Dell. There are security vulnerabilities in the BIOS implementation of several Dell devices. The BIOS_CNTL lock protection mechanism was not enforced when resuming from sleep mode.
| VAR-201508-0279 | CVE-2015-1009 | Schneider Electric InduSoft Password storage vulnerability |
CVSS V2: 1.7 CVSS V3: - Severity: LOW |
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. InduSoft Web Studio is a SCADA system and embedded instrumentation solution for developing human-machine interfaces, supervisory control and data acquisition. Multiple Schneider Electric products are prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information which may aid in further attacks.
The following products are vulnerable:
InduSoft Web Studio 7.1.3.4 and prior
InTouch Machine Edition 2014 7.1.3.4 and prior
| VAR-201508-0385 | CVE-2015-1970 | Sensitive information disclosure vulnerability in IBM WebSphere DataPower XC10 appliances |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. IBM WebSphere DataPower XC10 is a high-speed cache platform of IBM Corporation in the United States. The platform enables distributed caching of data with little to no change to existing applications
| VAR-201508-0499 | CVE-2015-4289 | Cisco AnyConnect Secure Mobility Client directory traversal vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
Exploiting this issue can allow an attacker to write or overwrite arbitrary files in the user's context. Information harvested may aid in launching further attacks.
This issue is being tracked by Cisco Bug ID CSCut93920
| VAR-201508-0500 | CVE-2015-4291 | Denial-of-service (DoS) vulnerability in Cisco IOS XE running on Cisco ASR 1000 devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business.
Attackers can exploit this issue to reload the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtd72617
| VAR-201508-0501 | CVE-2015-4292 | Cisco Prime Central for Hosted Collaboration Solution Management interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuv45818. The platform provides functions such as secure access authentication and real-time fault analysis
| VAR-201508-0502 | CVE-2015-4294 | Cisco Unified Communications Manager IM and Presence Service cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. Cisco Unified Communications Manager IM and Presence Service Contains a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCut41766
| VAR-201508-0503 | CVE-2015-4295 | Vulnerability in the Prime Collaboration Deployment component of Cisco Unified Communications Manager that allows root credentials to be obtained |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuv21819. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Prime Collaboration Deployment is one of the enterprise collaboration network management solution components.
| VAR-201508-0074 | CVE-2015-5696 | Dell Netvault Backup denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. Dell NetVault Backup is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause denial-of-service conditions for legitimate users. The solution protects data and applications in physical and virtual environments
| VAR-201507-0690 | No CVE | D-Link DCS-2103 HTML Injection Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
D-Link DCS-2103 is a network camera product from D-Link.
D-Link DCS-2103 has an HTML injection vulnerability and a cross-site request forgery vulnerability. A remote attacker could use these vulnerabilities to perform unauthorized operations, execute arbitrary scripts or HTML code in the context of a browser, and steal cookie-based authentication credentials. Other attacks are also possible.
| VAR-201507-0518 | CVE-2015-4293 | Denial-of-service (DoS) vulnerability in the Cisco IOS XE packet-reassembly implementation |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. Cisco IOS XE is an operating system developed by Cisco Systems for its network devices. The vulnerability stems from ATTN-3-SYNC_TIMEOUT error messages being sent to the console and system logs when reassembly of fragmented packets fails.
An attacker can exploit this issue to consume CPU resources and cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuo37957
| VAR-201507-0514 | CVE-2015-4286 | Arbitrary file read vulnerability in the web framework of Cisco Unified Computing System Central Software |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. Cisco UCS Central Software is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.
This issue is being tracked by Cisco Bug ID CSCuu41377
| VAR-201507-0517 | CVE-2015-4290 | Denial-of-service (DoS) vulnerability in the kernel extension of Cisco AnyConnect Secure Mobility Client running on Mac OS X |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. The vendor has published this vulnerability as Bug ID CSCut12255. A local user may cause a denial of service (panic) through an issue involving adjacent memory areas. Cisco AnyConnect Secure Mobility Client is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco bug ID CSCut12255
| VAR-201507-0037 | CVE-2015-5477 | ISC BIND 9 Service operation interruption (DoS) Vulnerabilities | Related entries in the VARIoT exploits database: VAR-E-201505-0004, VAR-E-201505-0003, VAR-E-201505-0002 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. ISC BIND 9 contains a denial-of-service (DoS) vulnerability caused by its processing of TKEY queries. The ISC advisory (https://kb.isc.org/article/AA-01272/) states: "An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit." In addition, because the affected processing runs before boundary checks are performed in packet handling, attacks on this vulnerability cannot be prevented by ACLs or configuration settings. Attack code using this vulnerability has been released and attacks have been confirmed. The National Vulnerability Database (NVD) publishes it as CWE-19: Data Handling (http://cwe.mitre.org/data/definitions/19.html). A remote attacker may cause a denial of service (DoS).
Attackers can exploit this issue to cause a denial-of-service.
For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u2.
We recommend that you upgrade your bind9 packages.
=============================================================================
FreeBSD-SA-15:17.bind Security Advisory
The FreeBSD Project
Topic: BIND remote denial of service vulnerability
Category: contrib
Module: bind
Announced: 2015-07-28
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)
2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)
2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)
2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)
CVE Name: CVE-2015-5477
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
II.
III. Impact
A remote attacker can trigger a crash of a name server. Both recursive and
authoritative servers are affected, and the exposure can not be mitigated
by either ACLs or configuration options limiting or denying service because
the exploitable code occurs early in the packet handling, before checks
enforcing those boundaries.
IV. Workaround
No workaround is available, but systems that are not running BIND are not
vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date. A reboot is
recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
The named service has to be restarted after the update. A reboot is
recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r285977
releng/8.4/                                                       r285980
stable/9/                                                         r285977
releng/9.3/                                                       r285980
-------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII.
=====================================================================
Red Hat Security Advisory
Synopsis: Important: bind97 security update
Advisory ID: RHSA-2015:1515-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1515.html
Issue date: 2015-07-28
CVE Names: CVE-2015-5477
=====================================================================
1. Summary:
Updated bind97 packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)
Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jonathan Foote as the original reporter.
All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Package List:
RHEL Desktop Workstation (v. 5 client):
Source:
bind97-9.7.0-21.P2.el5_11.2.src.rpm
i386:
bind97-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.i386.rpm
x86_64:
bind97-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
bind97-9.7.0-21.P2.el5_11.2.src.rpm
i386:
bind97-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.i386.rpm
ia64:
bind97-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ia64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.ia64.rpm
ppc:
bind97-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ppc.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.ppc64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.ppc.rpm
s390x:
bind97-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.s390.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.s390x.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.s390x.rpm
x86_64:
bind97-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-chroot-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-debuginfo-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-devel-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.i386.rpm
bind97-libs-9.7.0-21.P2.el5_11.2.x86_64.rpm
bind97-utils-9.7.0-21.P2.el5_11.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-5477
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
This issue was addressed by updating BIND to version
9.9.7-P2.
CVE-ID
CVE-2015-5477
OS X Server v4.1.5 may be obtained from the Mac App Store.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04800156
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04800156
Version: 1
HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote
Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-09-21
Last Updated: 2015-09-21
Potential Security Impact: Remote denial of service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in the HP-UX BIND
service running named.
References:
CVE-2015-5722
CVE-2015-5477
SSRT102248
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 BIND 9.7.3 prior to C.9.7.3.8.0 (named)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2015-5722    (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
CVE-2015-5477    (AV:N/AC:L/Au:N/C:N/I:N/A:C)   7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software update to resolve the vulnerability in
the HP-UX BIND service running named.
BIND 9.7.3 for HP-UX Release
Depot Name
Download location
B.11.31 (PA and IA)
HP_UX_11.31_HPUX-NameServer_C.9.7.3.8.0_HP-UX_B.11.31_IA_PA.depot
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=BIND
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
==================
NameService.BIND-AUX
NameService.BIND-RUN
action: install revision C.9.7.3.8.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 21 September 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
============================================================================
Ubuntu Security Notice USN-2693-1
July 28, 2015
bind9 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
Jonathan Foote discovered that Bind incorrectly handled certain TKEY
queries.
(CVE-2015-5477)
Pories Ediansyah discovered that Bind incorrectly handled certain
configurations involving DNS64. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
bind9 1:9.9.5.dfsg-9ubuntu0.2
Ubuntu 14.04 LTS:
bind9 1:9.9.5.dfsg-3ubuntu0.4
Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.12
In general, a standard system update will make all the necessary changes.
VCX prior to 9.8.18 with OpenSSH or ISC BIND.
+ VCX 9.8.18 for the following Products/SKUs:
- J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
- J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
- JC517A HP VCX V7205 Platform w/DL 360 G6 Server
- JE355A HP VCX V6000 Branch Platform 9.0
- JC516A HP VCX V7005 Platform w/DL 120 G6 Server
- JC518A HP VCX Connect 200 Primry 120 G6 Server
- J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
- JE341A HP VCX Connect 100 Secondary
- JE252A HP VCX Connect Primary MIM Module
- JE253A HP VCX Connect Secondary MIM Module
- JE254A HP VCX Branch MIM Module
- JE355A HP VCX V6000 Branch Platform 9.0
- JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
- JD023A HP MSR30-40 Router with VCX MIM Module
- JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
- JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
- JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
- JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
- JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
- JE340A HP VCX Connect 100 Pri Server 9.0
- JE342A HP VCX Connect 100 Sec Server 9.0
HISTORY
Version:1 (rev.1) - 28 January 2016 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Platform | Patch Kit Name
Alpha OpenVMS V8.4 | QXCM1001434254_4652022589_2015-08-28.BCK
ITANIUM OpenVMS V8.4 | QXCM1001434254_4652022589_2015-08-28.BCK
NOTE: Please contact OpenVMS Technical Support to request these patch kits.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz: Upgraded.
Impact:
Both recursive and authoritative servers are vulnerable to this defect.
Operators should take steps to upgrade to a patched version as soon as
possible.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P2-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P2-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P2-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P3-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P3-x86_64-1.txz
MD5 signatures:
+-------------+
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.9.7_P2-i486-1_slack14.1.txz
Then, restart the name server:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com