VARIoT IoT vulnerabilities database
| VAR-201410-1063 | CVE-2014-4433 | Apple OS X Kernel kernel heap-based buffer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem. Apple Mac OS X is prone to a local heap-based buffer-overflow vulnerability.
A local attacker can leverage this issue to execute arbitrary code with kernel level privileges or cause the affected system to shutdown, denying service to legitimate users
| VAR-201410-1062 | CVE-2014-4432 | Apple OS X of fdesetup Vulnerability in obtaining plaintext data |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. Apple Mac OS X is prone to a local security vulnerability.
A local attacker can leverage this issue to bypass certain security restrictions or gain access to potentially sensitive information. The vulnerability stems from the fact that the program does not properly display the encryption status between the setting-update operation and the reboot operation. Attackers can exploit this vulnerability to obtain plaintext data
| VAR-201410-1061 | CVE-2014-4431 | Apple OS X of Dock Vulnerabilities displayed in windows |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. Apple Mac OS X is prone to a local security-bypass vulnerability.
An attacker with physical access to a computer can exploit this issue to bypass screen lock. Successful exploits may lead to other attacks.
Apple Mac OS X versions prior to 10.10 are vulnerable. The Dock is one of the graphical user interfaces used to start and switch running applications. The vulnerability stems from the program not properly managing the lock screen state. An attacker could exploit this vulnerability to browse windows
| VAR-201410-1060 | CVE-2014-4430 | Apple OS X of CoreStorage Vulnerability in obtaining plaintext data |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. Apple Mac OS X is prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions
| VAR-201410-1058 | CVE-2014-4427 | Apple OS X Vulnerabilities that bypass the sandbox protection mechanism in the application sandbox |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. Apple Mac OS X is prone to a security-bypass vulnerability vulnerability.
A remote attacker can leverage this issue to perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
AFP File Server
Impact: A remote attacker could determine all the network addresses
of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers.
CVE-ID
CVE-2014-6271 : Stephane Chazelas
CVE-2014-7169 : Tavis Ormandy
Bluetooth
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy devices. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Impact: A maliciously crafted file system may cause unexpected
system shutdown or arbitrary code execution
Description: A heap-based buffer overflow issue existed in the
handling of HFS resource forks. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management.
CVE-ID
CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime
Impact: Playing a maliciously crafted m4a file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio
samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Impact: Opting in to push notifications from a maliciously crafted
website may cause future Safari Push Notifications to be missed
Description: An uncaught exception issue existed in
SafariNotificationAgent's handling of Safari Push Notifications. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution. OS X Mavericks v10.9.5 and Security
Update 2014-004 for OS X Mountain Lion v10.8.5 already contain these
changes.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
| VAR-201410-1068 | CVE-2014-4351 | Apple OS X of QuickTime Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file. Apple Mac OS X is prone to a remote buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions.
Apple Mac OS X versions prior to 10.10 are vulnerable. QuickTime is one of the multimedia playback components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
AFP File Server
Impact: A remote attacker could determine all the network addresses
of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9.
CVE-ID
CVE-2013-6438
CVE-2014-0098
App Sandbox
Impact: An application confined by sandbox restrictions may misuse
the accessibility API
Description: A sandboxed application could misuse the accessibility
API without the user's knowledge. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers.
CVE-ID
CVE-2014-6271 : Stephane Chazelas
CVE-2014-7169 : Tavis Ormandy
Bluetooth
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy devices. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Impact: Opting in to push notifications from a maliciously crafted
website may cause future Safari Push Notifications to be missed
Description: An uncaught exception issue existed in
SafariNotificationAgent's handling of Safari Push Notifications. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution. OS X Mavericks v10.9.5 and Security
Update 2014-004 for OS X Mountain Lion v10.8.5 already contain these
changes.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
| VAR-201410-1055 | CVE-2014-4417 | Apple OS X of Safari Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Safari in Apple OS X before 10.10 allows remote attackers to cause a denial of service (universal Push Notification outage) via a web site that triggers an uncaught SafariNotificationAgent exception by providing a crafted Push Notification. Apple Mac OS X is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause a denial of service condition. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
AFP File Server
Impact: A remote attacker could determine all the network addresses
of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9.
CVE-ID
CVE-2013-6438
CVE-2014-0098
App Sandbox
Impact: An application confined by sandbox restrictions may misuse
the accessibility API
Description: A sandboxed application could misuse the accessibility
API without the user's knowledge. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers.
CVE-ID
CVE-2014-6271 : Stephane Chazelas
CVE-2014-7169 : Tavis Ormandy
Bluetooth
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy devices. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Impact: A maliciously crafted file system may cause unexpected
system shutdown or arbitrary code execution
Description: A heap-based buffer overflow issue existed in the
handling of HFS resource forks. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management.
CVE-ID
CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime
Impact: Playing a maliciously crafted m4a file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio
samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution. OS X Mavericks v10.9.5 and Security
Update 2014-004 for OS X Mountain Lion v10.8.5 already contain these
changes.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
| VAR-201410-1056 | CVE-2014-4425 | Apple OS X of CFPreferences Vulnerabilities that gain access |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. Apple Mac OS X is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to gain access. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
AFP File Server
Impact: A remote attacker could determine all the network addresses
of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9.
CVE-ID
CVE-2013-6438
CVE-2014-0098
App Sandbox
Impact: An application confined by sandbox restrictions may misuse
the accessibility API
Description: A sandboxed application could misuse the accessibility
API without the user's knowledge. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers.
CVE-ID
CVE-2014-6271 : Stephane Chazelas
CVE-2014-7169 : Tavis Ormandy
Bluetooth
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy devices. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Impact: A maliciously crafted file system may cause unexpected
system shutdown or arbitrary code execution
Description: A heap-based buffer overflow issue existed in the
handling of HFS resource forks. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management.
CVE-ID
CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime
Impact: Playing a maliciously crafted m4a file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio
samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Impact: Opting in to push notifications from a maliciously crafted
website may cause future Safari Push Notifications to be missed
Description: An uncaught exception issue existed in
SafariNotificationAgent's handling of Safari Push Notifications. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
| VAR-201410-1059 | CVE-2014-4428 | Apple OS X of Bluetooth Vulnerabilities impersonating devices |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. Apple Mac OS X is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
AFP File Server
Impact: A remote attacker could determine all the network addresses
of the system
Description: The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9.
CVE-ID
CVE-2013-6438
CVE-2014-0098
App Sandbox
Impact: An application confined by sandbox restrictions may misuse
the accessibility API
Description: A sandboxed application could misuse the accessibility
API without the user's knowledge. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Impact: A maliciously crafted file system may cause unexpected
system shutdown or arbitrary code execution
Description: A heap-based buffer overflow issue existed in the
handling of HFS resource forks. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management.
CVE-ID
CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime
Impact: Playing a maliciously crafted m4a file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio
samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Impact: Opting in to push notifications from a maliciously crafted
website may cause future Safari Push Notifications to be missed
Description: An uncaught exception issue existed in
SafariNotificationAgent's handling of Safari Push Notifications. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
House Arrest
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Files transferred to the device may be written with
insufficient cryptographic protection
Description: Files could be transferred to an app's Documents
directory and encrypted with a key protected only by the hardware
UID. This issue was addressed by encrypting the transferred files
with a key protected by the hardware UID and the user's passcode.
CVE-ID
CVE-2014-4448 : Jonathan Zdziarski and Kevin DeLong
iCloud Data Access
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may force
iCloud data access clients to leak sensitive information
Description: A TLS certificate validation vulnerability existed in
iCloud data access clients.
CVE-ID
CVE-2014-4449 : Carl Mehner of USAA
Keyboards
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: QuickType could learn users' credentials
Description: QuickType could learn users' credentials when switching
between elements. This issue was addressed by QuickType not learning
from fields where autocomplete is disabled and reapplying the
criteria when switching between DOM input elements in legacy WebKit.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.1"
| VAR-201410-1057 | CVE-2014-4426 | Apple OS X of AFP Vulnerability to obtain network addresses of all interfaces in file server |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
AFP File Server in Apple OS X before 10.10 allows remote attackers to discover the network addresses of all interfaces via an unspecified command to one interface. Apple Mac OS X is prone to an information-disclosure vulnerability.
A remote attacker can leverage this issue to gain access to the sensitive information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT
apache
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to a denial of service. These issues were
addressed by updating Apache to version 2.4.9.
CVE-ID
CVE-2013-6438
CVE-2014-0098
App Sandbox
Impact: An application confined by sandbox restrictions may misuse
the accessibility API
Description: A sandboxed application could misuse the accessibility
API without the user's knowledge. This has been addressed by
requiring administrator approval to use the accessibility API on an
per-application basis.
CVE-ID
CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash
Impact: In certain configurations, a remote attacker may be able to
execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment
variables. This issue was addressed through improved environment
variable parsing by better detecting the end of the function
statement. This update also incorporated the suggested CVE-2014-7169
change, which resets the parser state. In addition, this update
added a new namespace for exported functions by creating a function
decorator to prevent unintended header passthrough to Bash. The names
of all environment variables that introduce function definitions are
required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent
unintended function passing via HTTP headers.
CVE-ID
CVE-2014-6271 : Stephane Chazelas
CVE-2014-7169 : Tavis Ormandy
Bluetooth
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy devices. If a Mac had
paired with such a device, an attacker could spoof the legitimate
device to establish a connection. The issue was addressed by denying
unencrypted HID connections.
CVE-ID
CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences
Impact: The 'require password after sleep or screen saver begins'
preference may not be respected until after a reboot
Description: A session management issue existed in the handling of
system preference settings. This issue was addressed through improved
session tracking.
CVE-ID
CVE-2014-4425
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT6005.
CoreStorage
Impact: An encrypted volume may stay unlocked when ejected
Description: When an encrypted volume was logically ejected while
mounted, the volume was unmounted but the keys were retained, so it
could have been mounted again without the password. This issue was
addressed by erasing the keys on eject.
CVE-ID
CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,
Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. Takekoshi, and
other anonymous researchers
CUPS
Impact: A local user can execute arbitrary code with system
privileges
Description: When the CUPS web interface served files, it would
follow symlinks. A local user could create symlinks to arbitrary
files and retrieve them through the web interface. This issue was
addressed by disallowing symlinks to be served via the CUPS web
interface.
CVE-ID
CVE-2014-3537
Dock
Impact: In some circumstances, windows may be visible even when the
screen is locked
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved state
tracking.
CVE-ID
CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup
Impact: The fdesetup command may provide misleading status for the
state of encryption on disk
Description: After updating settings, but before rebooting, the
fdesetup command provided misleading status. This issue was addressed
through improved status reporting.
CVE-ID
CVE-2014-4432
iCloud Find My Mac
Impact: iCloud Lost mode PIN may be bruteforced
Description: A state persistence issue in rate limiting allowed
brute force attacks on iCloud Lost mode PIN. This issue was addressed
through improved state persistence across reboots.
CVE-ID
CVE-2014-4435 : knoy
IOAcceleratorFamily
Impact: An application may cause a denial of service
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed through improved
error handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Impact: An application may cause a denial of service
Description: A out-of-bounds memory read was present in the
IOHIDFamily driver. The issue was addressed through improved input
validation.
CVE-ID
CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Impact: A maliciously crafted file system may cause unexpected
system shutdown or arbitrary code execution
Description: A heap-based buffer overflow issue existed in the
handling of HFS resource forks. A maliciously crafted filesystem may
cause an unexpected system shutdown or arbitrary code execution with
kernel privileges. The issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4433 : Maksymilian Arciemowicz
Kernel
Impact: A malicious file system may cause unexpected system shutdown
Description: A NULL dereference issue existed in the handling of HFS
filenames. A maliciously crafted filesystem may cause an unexpected
system shutdown. This issue was addressed by avoiding the NULL
dereference.
CVE-ID
CVE-2014-4434 : Maksymilian Arciemowicz
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Impact: A local user can cause an unexpected system termination
Description: A reachable panic existed in the handling of messages
sent to system control sockets. This issue was addressed through
additional validation of messages.
CVE-ID
CVE-2014-4442 : Darius Davis of VMware
Kernel
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices
Impact: A local application may bypass sandbox restrictions
Description: The LaunchServices interface for setting content type
handlers allowed sandboxed applications to specify handlers for
existing content types. A compromised application could use this to
bypass sandbox restrictions. The issue was addressed by restricting
sandboxed applications from specifying content type handlers.
CVE-ID
CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow
Impact: Sometimes the screen might not lock
Description: A race condition existed in LoginWindow, which would
sometimes prevent the screen from locking. The issue was addressed by
changing the order of operations.
CVE-ID
CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of
Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail
Impact: Mail may send email to unintended recipients
Description: A user interface inconsistency in Mail application
resulted in email being sent to addresses that were removed from the
list of recipients. The issue was addressed through improved user
interface consistency checks.
CVE-ID
CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles
Impact: When mobile configuration profiles were uninstalled, their
settings were not removed
Description: Web proxy settings installed by a mobile configuration
profile were not removed when the profile was uninstalled. This issue
was addressed through improved handling of profile uninstallation.
CVE-ID
CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework
Impact: File Sharing may enter a state in which it cannot be
disabled
Description: A state management issue existed in the File Sharing
framework. This issue was addressed through improved state
management.
CVE-ID
CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime
Impact: Playing a maliciously crafted m4a file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of audio
samples. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4351 : Karl Smith of NCC Group
Safari
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Impact: Opting in to push notifications from a maliciously crafted
website may cause future Safari Push Notifications to be missed
Description: An uncaught exception issue existed in
SafariNotificationAgent's handling of Safari Push Notifications. This
issue was addressed through improved handling of Safari Push
Notifications.
CVE-ID
CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Security
Impact: A remote attacker may be able to cause a denial of service
Description: A null dereference existed in the handling of ASN.1
data. This issue was addressed through additional validation of ASN.1
data.
CVE-ID
CVE-2014-4443 : Coverity
Security
Impact: A local user might have access to another user's Kerberos
tickets
Description: A state management issue existed in SecurityAgent.
While Fast User Switching, sometimes a Kerberos ticket for the
switched-to user would be placed in the cache for the previous user.
This issue was addressed through improved state management.
CVE-ID
CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar
Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of
Kaspersky Lab
Security - Code Signing
Impact: Tampered applications may not be prevented from launching
Description: Apps signed on OS X prior to OS X Mavericks 10.9 or
apps using custom resource rules, may have been susceptible to
tampering that would not have invalidated the signature. On systems
set to allow only apps from the Mac App Store and identified
developers, a downloaded modified app could have been allowed to run
as though it were legitimate. This issue was addressed by ignoring
signatures of bundles with resource envelopes that omit resources
that may influence execution.
CVE-ID
CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day
Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates
the security content of Safari 7.1. For further details see
"About the security content of Safari 7.1" at
https://support.apple.com/kb/HT6440.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq
0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ
OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B
0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb
lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87
XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S
CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r
HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs
bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika
XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h
fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r
P2OKoqPuE6SsFq6L2VwF
=Ucxd
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks
CFNetwork Cache
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Website cache may not be fully cleared after leaving private
browsing
Description: A privacy issue existed where browsing data could
remain in the cache after leaving private browsing.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program
CPU Software
Available for: OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact: A malicious Thunderbolt device may be able to affect
firmware flashing
Description: Thunderbolt devices could modify the host firmware if
connected during an EFI update. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled.
CVE-ID
CVE-2014-4499 : Sten Petersen
CoreGraphics
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Some third-party applications with non-secure text entry and
mouse events may log those events
Description: Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC
CoreSymbolication
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages.
CVE-ID
CVE-2014-4485 : Apple
Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in Intel graphics driver
Description: Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges.
CVE-ID
CVE-2014-4489 : @beist
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2011-2391
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
CVE-ID
CVE-2014-4461 : @PanguTeam
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A malicious JAR file may bypass Gatekeeper checks
Description: An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers
lukemftp
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description: A command injection issue existed in the handling of
HTTP redirects.
CVE-ID
CVE-2014-8517
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8za.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
Sandbox
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Security
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description: An issue existed with how cached application
certificate information was evaluated.
CVE-ID
CVE-2014-8838 : Apple
security_taskgate
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: An app may access keychain items belonging to other apps
Description: An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple
Spotlight
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: The sender of an email could determine the IP address of the
recipient
Description: Spotlight did not check the status of Mail's "Load
remote content in messages" setting.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no
Spotlight
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may save unexpected information to an external
hard drive
Description: An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing.
CVE-ID
CVE-2014-8832 : F-Secure
SpotlightIndex
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Spotlight may display results for files not belonging to the
user
Description: A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero
UserAccountUpdater
Available for: OS X Yosemite v10.10 and v10.10.1
Impact: Printing-related preference files may contain sensitive
information about PDF documents
Description: OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files
| VAR-201411-0262 | CVE-2014-0995 |
SAP NetWeaver Service disruption in a standalone enqueue server (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201410-0101 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. SAP NetWeaver are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
SAP NetWeaver 7.01 and 7.20 are vulnerable; other versions may also be affected
| VAR-201411-0218 | CVE-2014-8587 | SAP NetWeaver AS ABAP and SAP HANA Used in SAPCRYPTOLIB In products such as DSA Vulnerability that is forged as a signature |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Multiple SAP products are prone to to a security vulnerability that may allow attackers to conduct spoofing attacks.
An attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks.
The following products are vulnerable:
Versions prior to SAP SAPCRYPTOLIB 5.555.38
Versions prior to SAP SAPSECULIB 8.4.30
Versions prior to SAP CommonCryptoLib 8.4.30
| VAR-201410-1359 | CVE-2014-7281 | Tenda A32 Router Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. The Tenda A32 Router is a wireless router product from Tenda. A remote attacker could use the vulnerability to restart the device by sending a request to the goform/SysToolReboot URL.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
Tenda A32 running firmware 5.07.53_CN is vulnerable; other versions may also be affected
| VAR-201410-0993 | CVE-2014-3368 | Cisco TelePresence Video Communication Server and Expressway Denial of service in software (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.2 allow remote attackers to cause a denial of service (device reload) via a high rate of crafted packets, aka Bug ID CSCui06507. Vendors report this vulnerability Bug ID CSCui06507 Published as.Denial of service via third-party, heavily crafted packets ( Device reload ) May be in a state.
An attacker can exploit this issue to cause the kernel to crash and reload the affected system, denying service to legitimate users.
The issue is documented by Cisco Bug ID CSCui06507
| VAR-201410-0994 | CVE-2014-3369 | Cisco TelePresence Video Communication Server and Expressway Software SIP IX Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The SIP IX implementation in Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allows remote attackers to cause a denial of service (device reload) via crafted SDP packets, aka Bug ID CSCuo42252. Cisco TelePresence VCS and Expressway are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to crash, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCuo42252. The vulnerability is caused by the incorrect processing of SDP packets when the program configures the IX filter
| VAR-201410-0995 | CVE-2014-3370 | Cisco TelePresence Video Communication Server and Expressway Service disruption in software (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447. Vendors have confirmed this vulnerability Bug ID CSCum60442 and CSCum60447 It is released as.By a third party SDP Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence VCS and Expressway are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to crash, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCum60447 and CSCum60442. The vulnerability is caused by the program not handling SIP packets correctly
| VAR-201410-0058 | CVE-2014-3397 | Cisco TelePresence MCU Software network stack Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The network stack in Cisco TelePresence MCU Software before 4.3(2.30) allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets, aka Bug ID CSCtz35468.
Successful exploits may allow an attacker to cause the device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtz35468.
The following products running a vulnerable version of software are affected:
Cisco TelePresence MCU 4200 Series
Cisco TelePresence MCU 4500 Series
Cisco TelePresence MCU MSE 8420. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The vulnerability is caused by the program not filtering TCP packets adequately
| VAR-201410-0067 | CVE-2014-3408 | Cisco Prime Optical of Web Cross-site scripting vulnerability in the framework |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuq80763. The solution helps operators efficiently implement end-to-end circuit creation and manage each node in the converged network through automated configuration and troubleshooting. The vulnerability is caused by the program not validating parameters correctly
| VAR-201410-1300 | CVE-2014-2647 | HP Operations Manager of HP Operations Agent Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: Medium |
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04472444
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04472444
Version: 2
HPSBMU03126 rev.2 - HP Operations Manager/Operations Agent, Remote Cross-site
Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. The vulnerabilities could be exploited
resulting in remote cross-site scripting (XSS).
References:
CVE-2014-2647 (SSRT101643, SSRT101670) Cross-site Scripting (XSS)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The
Communications Broker facilitates communications between the two.
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-2647 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Jake Bernier and Matt Schmidt for
reporting CVE-2014-2647 to security-alert@hp.com.
Product
Download Location
HP Operations OS Instance v11.13
Download from SSO or
https://softwaresupport.hp.com/group/softwaresupport/home
HP Operations OS Instance v11.14
Download from SSO or
https://softwaresupport.hp.com/group/softwaresupport/home
Workaround and Hotfixes
Please contact HP Software Support for hotfixes on any other supported
versions of HP Operations Agent.
NOTE: If a higher version** of fixes is already installed (mentioned below),
no action required for this problem.
Product
Component Version
HP Operations OS Instance v11.05
HPOvBbc 11.05.024
HP Operations OS Instance v11.11
HPOvBbc 11.11.103
HP Operations OS Instance v11.12
HPOvBbc 11.12.022
** For verifying the version of the HP Operations Agent software components
on the system, you can use the following HP Operations Agent command:
ovdeploy -inv
Without the above hotfix, the following configuration variable can be set on
HP Operations Agent, to avoid this vulnerability being exploited over the
network. Restart of the Agent processes is not required after the
configuration change.
[bbc.cb]
LOCAL_INFO_ONLY=TRUE
Note: For unsupported versions, including versions of HP Operations Agent
v8.60.501 and below, setting the above configuration variable is the only
workaround available.
HISTORY
Version:1 (rev.1) - 15 October 2014 Initial release
Version:2 (rev.2) - 17 October 2014 Revised download location, resolution,
product description, and title
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlRFLwoACgkQ4B86/C0qfVkBwQCgoXQqgmB5VC576OGziGSFiYjf
HdkAni6yGYHWsqMTU1lvDqjPq7kx6s2d
=Fy5y
-----END PGP SIGNATURE-----
| VAR-201410-1144 | CVE-2014-3567 | OpenSSL of t1_lib.c of tls_decrypt_ticket Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure. OpenSSL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL prior to 0.9.8zc, 1.0.0o, and 1.0.1j are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04492722
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04492722
Version: 3
HPSBUX03162 SSRT101767 rev.3 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-10-28
Last Updated: 2014-12-11
Potential Security Impact: Remote Denial of Service (DoS), unauthorized
access, man-in-the-middle (MitM) attack
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running
OpenSSL. These vulnerabilities could be exploited remotely to create a Denial
of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM)
attack.
This is the SSLv3 vulnerability known as "Padding Oracle On Downgraded Legacy
Encryption" also known as "POODLE", which could be exploited remotely to
allow disclosure of information.
References:
CVE-2014-3566 Man-in-the-Middle (MitM) attack
CVE-2014-3567 Remote Unauthorized Access
CVE-2014-3568 Remote Denial of Service (DoS)
SSRT101767
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zc
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The
updates are available from the following site.
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=OPENSSL11I
HP-UX Release
HP-UX OpenSSL version
B.11.11 (11i v1)
A.00.09.08zc.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2)
A.00.09.08zc.002a_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
A.00.09.08zc.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08zc or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.002a or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zc.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 28 October 2014 Initial release
Version:2 (rev.2) - 3 November 2014 Updated download location
Version:3 (rev.3) - 11 December 2014 updated version of 11i v2 depot for
revised code
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. This flaw allows a man-in-the-middle (MITM)
attacker to decrypt a selected byte of a cipher text in as few as 256
tries if they are able to force a victim application to repeatedly send
the same data over newly created SSL 3.0 connections.
This update adds support for Fallback SCSV to mitigate this issue.
For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u13.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.1j-1.
We recommend that you upgrade your openssl packages. The HP Insight Control 7.2.1
Update kit applicable to HP Insight Control 7.2.x installations is available
at the following location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPICE
NOTE: Please read the readme.txt file before proceeding with the
installation.
Please refer to the RESOLUTION
section below for a list of impacted products.
Note: mitigation instructions are included below if the following software
updates cannot be applied.
Family
Fixed Version
HP Branded Products Impacted
H3C Branded Products Impacted
3Com Branded Products Impacted
CVE
12900 Switch Series
R1005P15
JG619A HP FF 12910 Switch AC Chassis
JG621A HP FF 12910 Main Processing Unit
JG632A HP FF 12916 Switch AC Chassis
JG634A HP FF 12916 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
12500
R1828P06
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JC808A HP 12500 TAA Main Processing Unit
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566
CVE-2014-3568
12500 (Comware v7)
R7328P04
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JG497A HP 12500 MPU w/Comware V7 OS
JG782A HP FF 12508E AC Switch Chassis
JG783A HP FF 12508E DC Switch Chassis
JG784A HP FF 12518E AC Switch Chassis
JG785A HP FF 12518E DC Switch Chassis
JG802A HP FF 12500E MPU
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
H3C 12508 DC Switch Chassis (0235A38L)
H3C 12518 DC Switch Chassis (0235A38K)
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
11900 Switch Series
R2111P06
JG608A HP FF 11908-V Switch Chassis
JG609A HP FF 11900 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
10500 Switch Series (Comware v5)
R1208P10
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC614A HP 10500 Main Processing Unit
JC748A HP 10512 Switch Chassis
JG375A HP 10500 TAA Main Processing Unit
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
CVE-2014-3566
CVE-2014-3568
10500 Switch Series (Comware v7)
R2111P06
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC748A HP 10512 Switch Chassis
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
JG496A HP 10500 Type A MPU w/Comware v7 OS
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
9500E
R1828P06
JC124A HP A9508 Switch Chassis
JC124B HP 9505 Switch Chassis
JC125A HP A9512 Switch Chassis
JC125B HP 9512 Switch Chassis
JC474A HP A9508-V Switch Chassis
JC474B HP 9508-V Switch Chassis
H3C S9505E Routing-Switch Chassis (0235A0G6)
H3C S9512E Routing-Switch Chassis (0235A0G7)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9505E Chassis w/ Fans (0235A38P)
H3C S9512E Chassis w/ Fans (0235A38R)
CVE-2014-3566
CVE-2014-3568
7900
R2122
JG682A HP FlexFabric 7904 Switch Chassis
JH001A HP FF 7910 2.4Tbps Fabric / MPU
JG842A HP FF 7910 7.2Tbps Fabric / MPU
JG841A HP FF 7910 Switch Chassis
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
7500 Switch Series
R6708P10
JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T
JC697A HP A7502 TAA Main Processing Unit
JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE
JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE
JC700A HP A7500 384 Gbps TAA Fabric / MPU
JC701A HP A7510 768 Gbps TAA Fabric / MPU
JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports
JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports
JD194A HP 384 Gbps Fabric A7500 Module
JD194B HP 7500 384Gbps Fabric Module
JD195A HP 7500 384Gbps Advanced Fabric Module
JD196A HP 7502 Fabric Module
JD220A HP 7500 768Gbps Fabric Module
JD238A HP A7510 Switch Chassis
JD238B HP 7510 Switch Chassis
JD239A HP A7506 Switch Chassis
JD239B HP 7506 Switch Chassis
JD240A HP A7503 Switch Chassis
JD240B HP 7503 Switch Chassis
JD241A HP A7506 Vertical Switch Chassis
JD241B HP 7506-V Switch Chassis
JD242A HP A7502 Switch Chassis
JD242B HP 7502 Switch Chassis
JD243A HP A7503 Switch Chassis w/1 Fabric Slot
JD243B HP 7503-S Switch Chassis w/1 Fabric Slot
H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)
H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)
H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)
H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)
H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)
H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)
H3C S7502E Chassis w/ fans (0235A29A)
H3C S7503E Chassis w/ fans (0235A27R)
H3C S7503E-S Chassis w/ fans (0235A33R)
H3C S7506E Chassis w/ fans (0235A27Q)
H3C S7506E-V Chassis w/ fans (0235A27S)
CVE-2014-3566
CVE-2014-3568
HSR6800
R3303P18
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566
CVE-2014-3568
HSR6800 Russian Version
R3303P18
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
CVE-2014-3566
CVE-2014-3568
HSR6602
R3303P18
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
JG777A HP HSR6602-XG TAA Router
CVE-2014-3566
CVE-2014-3568
HSR6602 Russian Version
R3303P18
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
CVE-2014-3566
CVE-2014-3568
6602
R3303P18
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566
CVE-2014-3568
6602 Russian Version
R3303P18
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
CVE-2014-3566
CVE-2014-3568
A6600
R3303P18
JC165A HP 6600 RPE-X1 Router Module
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR66-RPE-X1-H3 (0231A761)
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
A6600 Russian Version
R3303P18
JC165A HP 6600 RPE-X1 Router Module
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR66-RPE-X1-H3 (0231A761)
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
6600 MCP
R3303P18
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
6600 MCP Russian Version
R3303P18
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
JG778A HP 6600 MCP-X2 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
CVE-2014-3566
CVE-2014-3568
5920 Switch Series
R2311P05
JG296A HP 5920AF-24XG Switch
JG555A HP 5920AF-24XG TAA Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5900 Switch Series
R2311P05
JC772A HP 5900AF-48XG-4QSFP+ Switch
JG336A HP 5900AF-48XGT-4QSFP+ Switch
JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
JG838A HP FF 5900CP-48XG-4QSFP+ Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5830 Switch Series
R1118P11
JC691A HP A5830AF-48G Switch w/1 Interface Slot
JC694A HP A5830AF-96G Switch
JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot
JG374A HP 5830AF-96G TAA Switch
CVE-2014-3566
CVE-2014-3568
5820 Switch Series
R1809P03
JC102A HP 5820-24XG-SFP+ Switch
JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
JG219A HP 5820AF-24XG Switch
JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots
H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media
modules Plus OSM (0235A37L)
H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T
(RJ45) (0235A370)
CVE-2014-3566
CVE-2014-3568
5800 Switch Series
R1809P03
JC099A HP 5800-24G-PoE Switch
JC100A HP 5800-24G Switch
JC101A HP 5800-48G Switch with 2 Slots
JC103A HP 5800-24G-SFP Switch
JC104A HP 5800-48G-PoE Switch
JC105A HP 5800-48G Switch
JG225A HP 5800AF-48G Switch
JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots
JG254A HP 5800-24G-PoE+ TAA-compliant Switch
JG255A HP 5800-24G TAA-compliant Switch
JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt
JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot
JG258A HP 5800-48G TAA Switch w 1 Intf Slot
H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot
(0235A36U)
H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X
(SFP Plus ) Plus 1 media module PoE (0235A36S)
H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus
media module (no power) (0235A374)
H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus
) Plus media module (0235A379)
H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module
(0235A378)
H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM
(0235A36W)
CVE-2014-3566
CVE-2014-3568
5700
R2311P05
JG894A HP FF 5700-48G-4XG-2QSFP+ Switch
JG895A HP FF 5700-48G-4XG-2QSFP+ TAA Switch
JG896A HP FF 5700-40XG-2QSFP+ Switch
JG897A HP FF 5700-40XG-2QSFP+ TAA Switch
JG898A HP FF 5700-32XGT-8XG-2QSFP+ Switch
JG899A HP FF 5700-32XGT-8XG-2QSFP+ TAA Switch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5500 HI Switch Series
R5501P06
JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch
JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch
JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt
JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt
JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt
JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt
JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt
JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
CVE-2014-3566
CVE-2014-3568
5500 EI Switch Series
R2221P08
JD373A HP 5500-24G DC EI Switch
JD374A HP 5500-24G-SFP EI Switch
JD375A HP 5500-48G EI Switch
JD376A HP 5500-48G-PoE EI Switch
JD377A HP 5500-24G EI Switch
JD378A HP 5500-24G-PoE EI Switch
JD379A HP 5500-24G-SFP DC EI Switch
JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts
JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts
JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts
JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts
JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts
JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts
JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts
H3C S5500-28C-EI Ethernet Switch (0235A253)
H3C S5500-28F-EI Eth Switch AC Single (0235A24U)
H3C S5500-52C-EI Ethernet Switch (0235A24X)
H3C S5500-28C-EI-DC Ethernet Switch (0235A24S)
H3C S5500-28C-PWR-EI Ethernet Switch (0235A255)
H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)
H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
CVE-2014-3566
CVE-2014-3568
5500 SI Switch Series
R2221P08
JD369A HP 5500-24G SI Switch
JD370A HP 5500-48G SI Switch
JD371A HP 5500-24G-PoE SI Switch
JD372A HP 5500-48G-PoE SI Switch
JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts
JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts
H3C S5500-28C-SI Ethernet Switch (0235A04U)
H3C S5500-52C-SI Ethernet Switch (0235A04V)
H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)
H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
CVE-2014-3566
CVE-2014-3568
5130 EI switch Series
R3108P03
JG932A HP 5130-24G-4SFP+ EI Switch
JG933A HP 5130-24G-SFP-4SFP+ EI Switch
JG934A HP 5130-48G-4SFP+ EI Switch
JG936A HP 5130-24G-PoE+-4SFP+ EI Swch
JG937A HP 5130-48G-PoE+-4SFP+ EI Swch
JG975A HP 5130-24G-4SFP+ EI BR Switch
JG976A HP 5130-48G-4SFP+ EI BR Switch
JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch
JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
5120 EI Switch Series
R2221P08
JE066A HP 5120-24G EI Switch
JE067A HP 5120-48G EI Switch
JE068A HP 5120-24G EI Switch with 2 Slots
JE069A HP 5120-48G EI Switch with 2 Slots
JE070A HP 5120-24G-PoE EI Switch with 2 Slots
JE071A HP 5120-48G-PoE EI Switch with 2 Slots
JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts
JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts
JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts
JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts
JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts
JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts
H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)
H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)
H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)
H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)
H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)
H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
CVE-2014-3566
CVE-2014-3568
5120 SI switch Series
R1513P95
JE072A HP 5120-48G SI Switch
JE073A HP 5120-16G SI Switch
JE074A HP 5120-24G SI Switch
JG091A HP 5120-24G-PoE+ (370W) SI Switch
JG092A HP 5120-24G-PoE+ (170W) SI Switch
H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)
H3C S5120-20P-SI L2
16GE Plus 4SFP (0235A42B)
H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)
H3C S5120-28P-HPWR-SI (0235A0E5)
H3C S5120-28P-PWR-SI (0235A0E3)
CVE-2014-3566
CVE-2014-3568
4800 G Switch Series
R2221P08
JD007A HP 4800-24G Switch
JD008A HP 4800-24G-PoE Switch
JD009A HP 4800-24G-SFP Switch
JD010A HP 4800-48G Switch
JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91)
3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)
3Com Switch 4800G 48-Port (3CRS48G-48-91)
3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)
3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
CVE-2014-3566
CVE-2014-3568
4510G Switch Series
R2221P08
JF428A HP 4510-48G Switch
JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91)
3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)
3Com Switch E4510-24G (3CRS45G-24-91)
CVE-2014-3566
CVE-2014-3568
4210G Switch Series
R2221P08
JF844A HP 4210-24G Switch
JF845A HP 4210-48G Switch
JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91)
3Com Switch 4210-48G (3CRS42G-48-91)
3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
CVE-2014-3566
CVE-2014-3568
3610 Switch Series
R5319P10
JD335A HP 3610-48 Switch
JD336A HP 3610-24-4G-SFP Switch
JD337A HP 3610-24-2G-2G-SFP Switch
JD338A HP 3610-24-SFP Switch
H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)
H3C S3610-28P - model LS-3610-28P-OVS (0235A22D)
H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)
H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
CVE-2014-3566
CVE-2014-3568
3600 V2 Switch Series
R2110P03
JG299A HP 3600-24 v2 EI Switch
JG300A HP 3600-48 v2 EI Switch
JG301A HP 3600-24-PoE+ v2 EI Switch
JG301B HP 3600-24-PoE+ v2 EI Switch
JG302A HP 3600-48-PoE+ v2 EI Switch
JG302B HP 3600-48-PoE+ v2 EI Switch
JG303A HP 3600-24-SFP v2 EI Switch
JG304A HP 3600-24 v2 SI Switch
JG305A HP 3600-48 v2 SI Switch
JG306A HP 3600-24-PoE+ v2 SI Switch
JG306B HP 3600-24-PoE+ v2 SI Switch
JG307A HP 3600-48-PoE+ v2 SI Switch
JG307B HP 3600-48-PoE+ v2 SI Switch
CVE-2014-3566
CVE-2014-3568
3100V2
R5203P11
JD313B HP 3100-24-PoE v2 EI Switch
JD318B HP 3100-8 v2 EI Switch
JD319B HP 3100-16 v2 EI Switch
JD320B HP 3100-24 v2 EI Switch
JG221A HP 3100-8 v2 SI Switch
JG222A HP 3100-16 v2 SI Switch
JG223A HP 3100-24 v2 SI Switch
CVE-2014-3566
CVE-2014-3568
3100V2-48
R2110P03
JG315A HP 3100-48 v2 Switch
CVE-2014-3566
CVE-2014-3568
1920
R1105
JG920A HP 1920-8G Switch
JG921A HP 1920-8G-PoE+ (65W) Switch
JG922A HP 1920-8G-PoE+ (180W) Switch
JG923A HP 1920-16G Switch
JG924A HP 1920-24G Switch
JG925A HP 1920-24G-PoE+ (180W) Switch
JG926A HP 1920-24G-PoE+ (370W) Switch
JG927A HP 1920-48G Switch
CVE-2014-3566
CVE-2014-3568
1910 R11XX
R1107
JG536A HP 1910-8 Switch
JG537A HP 1910-8 -PoE+ Switch
JG538A HP 1910-24 Switch
JG539A HP 1910-24-PoE+ Switch
JG540A HP 1910-48 Switch
CVE-2014-3566
CVE-2014-3568
1910 R15XX
R1513P95
JE005A HP 1910-16G Switch
JE006A HP 1910-24G Switch
JE007A HP 1910-24G-PoE (365W) Switch
JE008A HP 1910-24G-PoE(170W) Switch
JE009A HP 1910-48G Switch
JG348A HP 1910-8G Switch
JG349A HP 1910-8G-PoE+ (65W) Switch
JG350A HP 1910-8G-PoE+ (180W) Switch
CVE-2014-3566
CVE-2014-3568
1620
R1104
JG912A HP 1620-8G Switch
JG913A HP 1620-24G Switch
JG914A HP 1620-48G Switch
CVE-2014-3566
CVE-2014-3568
MSR20-1X
R2513P33
JD431A HP MSR20-10 Router
JD667A HP MSR20-15 IW Multi-Service Router
JD668A HP MSR20-13 Multi-Service Router
JD669A HP MSR20-13 W Multi-Service Router
JD670A HP MSR20-15 A Multi-Service Router
JD671A HP MSR20-15 AW Multi-Service Router
JD672A HP MSR20-15 I Multi-Service Router
JD673A HP MSR20-11 Multi-Service Router
JD674A HP MSR20-12 Multi-Service Router
JD675A HP MSR20-12 W Multi-Service Router
JD676A HP MSR20-12 T1 Multi-Service Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
JG209A HP MSR20-12-T-W Router (NA)
JG210A HP MSR20-13-W Router (NA)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-11 (0235A31V)
H3C MSR 20-12 (0235A32E)
H3C MSR 20-12 T1 (0235A32B)
H3C MSR 20-13 (0235A31W)
H3C MSR 20-13 W (0235A31X)
H3C MSR 20-15 A (0235A31Q)
H3C MSR 20-15 A W (0235A31R)
H3C MSR 20-15 I (0235A31N)
H3C MSR 20-15 IW (0235A31P)
H3C MSR20-12 W (0235A32G)
CVE-2014-3566
CVE-2014-3568
MSR30
R2513P33
JD654A HP MSR30-60 POE Multi-Service Router
JD657A HP MSR30-40 Multi-Service Router
JD658A HP MSR30-60 Multi-Service Router
JD660A HP MSR30-20 POE Multi-Service Router
JD661A HP MSR30-40 POE Multi-Service Router
JD666A HP MSR30-20 Multi-Service Router
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF232A HP RT-MSR3040-AC-OVS-AS-H3
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)
H3C MSR 30-20 (0235A19L)
H3C MSR 30-20 POE (0235A239)
H3C MSR 30-40 (0235A20J)
H3C MSR 30-40 POE (0235A25R)
H3C MSR 30-60 (0235A20K)
H3C MSR 30-60 POE (0235A25S)
H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
CVE-2014-3566
CVE-2014-3568
MSR30-16
R2513P33
JD659A HP MSR30-16 POE Multi-Service Router
JD665A HP MSR30-16 Multi-Service Router
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
H3C MSR 30-16 (0235A237)
H3C MSR 30-16 POE (0235A238)
CVE-2014-3566
CVE-2014-3568
MSR30-1X
R2513P33
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
CVE-2014-3566
CVE-2014-3568
MSR50
R2513P33
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR5040-DC-OVS-H3C (0235A20P)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
CVE-2014-3566
CVE-2014-3568
MSR50-G2
R2513P33
JD429A HP MSR50 G2 Processor Module
JD429B HP MSR50 G2 Processor Module
H3C H3C MSR 50 Processor Module-G2 (0231A84Q)
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo)
256F/1GD(0231A0KL)
CVE-2014-3566
CVE-2014-3568
MSR20 Russian version
MSR201X_5.20.R2513L40.RU
JD663B HP MSR20-21 Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
CVE-2014-3566
CVE-2014-3568
MSR20-1X Russian version
MSR201X_5.20.R2513L40.RU
JD431A HP MSR20-10 Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
CVE-2014-3566
CVE-2014-3568
MSR30 Russian version
MSR201X_5.20.R2513L40.RU
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
CVE-2014-3566
CVE-2014-3568
MSR30-16 Russian version
MSR201X_5.20.R2513L40.RU
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
CVE-2014-3566
CVE-2014-3568
MSR30-1X Russian version
MSR201X_5.20.R2513L40.RU
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
CVE-2014-3566
CVE-2014-3568
MSR50 Russian version
MSR201X_5.20.R2513L40.RU
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR 50 Processor Module (0231A791)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR5040-DC-OVS-H3C (0235A20P)
CVE-2014-3566
CVE-2014-3568
MSR50 G2 Russian version
MSR201X_5.20.R2513L40.RU
JD429B HP MSR50 G2 Processor Module
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD
(0231A0KL)
CVE-2014-3566
CVE-2014-3568
MSR9XX
R2513P33
JF812A HP MSR900 Router
JF813A HP MSR920 Router
JF814A HP MSR900-W Router
JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr
JG207A HP MSR900-W Router (NA)
JG208A HP MSR920-W Router (NA)
H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b
(0235A0C2)
H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)
H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)
H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
CVE-2014-3566
CVE-2014-3568
MSR93X
R2513P33
JG512A HP MSR930 Wireless Router
JG513A HP MSR930 3G Router
JG514A HP MSR931 Router
JG515A HP MSR931 3G Router
JG516A HP MSR933 Router
JG517A HP MSR933 3G Router
JG518A HP MSR935 Router
JG519A HP MSR935 Wireless Router
JG520A HP MSR935 3G Router
JG531A HP MSR931 Dual 3G Router
JG596A HP MSR930 4G LTE/3G CDMA Router
JG597A HP MSR936 Wireless Router
JG665A HP MSR930 4G LTE/3G WCDMA Global Router
JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
CVE-2014-3566
CVE-2014-3568
MSR1000
R2513P33
JG732A HP MSR1003-8 AC Router
CVE-2014-3566
CVE-2014-3568
MSR1000 Russian version
R2513L40.RU
JG732A HP MSR1003-8 AC Router
CVE-2014-3566
CVE-2014-3568
MSR2000
R0106P18
JG411A HP MSR2003 AC Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
MSR3000
R0106P18
JG404A HP MSR3064 Router
JG405A HP MSR3044 Router
JG406A HP MSR3024 AC Router
JG409A HP MSR3012 AC Router
JG861A HP MSR3024 TAA-compliant AC Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
MSR4000
R0106P18
JG402A HP MSR4080 Router Chassis
JG403A HP MSR4060 Router Chassis
JG412A HP MSR4000 MPU-100 Main Processing Unit
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
F5000
F3210P22
JG216A HP F5000 Firewall Standalone Chassis
JD259A HP A5000-A5 VPN Firewall Chassis
H3C SecPath F5000-A5 Host System (0150A0AG)
CVE-2014-3566
CVE-2014-3568
F5000-C
R3811P03
JG650A HP F5000-C VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F5000-S
R3811P03
JG370A HP F5000-S VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
U200S and CS
F5123P30
JD268A HP 200-CS UTM Appliance
JD273A HP U200-S UTM Appliance
H3C SecPath U200-S (0235A36N)
CVE-2014-3566
CVE-2014-3568
U200A and M
F5123P30
JD274A HP 200-M UTM Appliance
JD275A HP U200-A UTM Appliance
H3C SecPath U200-A (0235A36Q)
CVE-2014-3566
CVE-2014-3568
SecBlade III
R3820P03
JG371A HP 12500 20Gbps VPN Firewall Module
JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
CVE-2014-3566
CVE-2014-3568
SecBlade FW
R3181P05
JC635A HP 12500 VPN Firewall Module
JD245A HP 9500 VPN Firewall Module
JD249A HP 10500/7500 Advanced VPN Firewall Mod
JD250A HP 6600 Firewall Processing Rtr Module
JD251A HP 8800 Firewall Processing Module
JD255A HP 5820 VPN Firewall Module
H3C S9500E SecBlade VPN Firewall Module (0231A0AV)
H3C S7500E SecBlade VPN Firewall Module (0231A832)
H3C SR66 Gigabit Firewall Module (0231A88A)
H3C SR88 Firewall Processing Module (0231A88L)
H3C S5820 SecBlade VPN Firewall Module (0231A94J)
CVE-2014-3566
CVE-2014-3568
F1000-E
R3181P05
JD272A HP F1000-E VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F1000-A
R3734P06
JG214A HP F1000-A-EI VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
F1000-S
R3734P06
JG213A HP F1000-S-EI VPN Firewall Appliance
CVE-2014-3566
CVE-2014-3568
SecBlade SSL VPN
Fix in Progress
Use Mitigation
JD253A HP 10500/7500 SSL VPN Mod w 500-user Lic
CVE-2014-3566
CVE-2014-3568
VSR1000
R0204P01
JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
JG811AAE HP VSR1001 Comware 7 Virtual Services Router
JG812AAE HP VSR1004 Comware 7 Virtual Services Router
JG813AAE HP VSR1008 Comware 7 Virtual Services Router
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
WX5002/5004
R2507P34
JD441A HP 5800 ACM for 64-256 APs
JD447B HP WX5002 Access Controller
JD448A HP A-WX5004 Access Controller
JD448B HP WX5004 Access Controller
JD469A HP A-WX5004 (3Com) Access Controller
JG261A HP 5800 Access Controller OAA TAA Mod
CVE-2014-3566
CVE-2014-3568
HP 850/870
R2607P34
JG723A HP 870 Unified Wired-WLAN Appliance
JG725A HP 870 Unifd Wrd-WLAN TAA Applnc
JG722A HP 850 Unified Wired-WLAN Appliance
JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
CVE-2014-3566
CVE-2014-3568
HP 830
R3507P34
JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch
JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch
JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch
JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
CVE-2014-3566
CVE-2014-3568
HP 6000
R2507P34
JG639A HP 10500/7500 20G Unified Wired-WLAN Mod
JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
CVE-2014-3566
CVE-2014-3568
VCX
Fix in Progress
Use Mitigation
J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
JC517A HP VCX V7205 Platform w/DL 360 G6 Server
JE355A HP VCX V6000 Branch Platform 9.0
JC516A HP VCX V7005 Platform w/DL 120 G6 Server
JC518A HP VCX Connect 200 Primry 120 G6 Server
J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
JE341A HP VCX Connect 100 Secondary
JE252A HP VCX Connect Primary MIM Module
JE253A HP VCX Connect Secondary MIM Module
JE254A HP VCX Branch MIM Module
JE355A HP VCX V6000 Branch Platform 9.0
JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
JD023A HP MSR30-40 Router with VCX MIM Module
JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
JE340A HP VCX Connect 100 Pri Server 9.0
JE342A HP VCX Connect 100 Sec Server 9.0
CVE-2014-3566
CVE-2014-3568
iMC PLAT
iMC PLAT v7.1 E0303P06
JD125A HP IMC Std S/W Platform w/100-node
JD126A HP IMC Ent S/W Platform w/100-node
JD808A HP IMC Ent Platform w/100-node License
JD815A HP IMC Std Platform w/100-node License
JF377A HP IMC Std S/W Platform w/100-node Lic
JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
JF378A HP IMC Ent S/W Platform w/200-node Lic
JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
JG659AAE HP IMC Smart Connect VAE E-LTU
JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
CVE-2014-3566
iMC UAM
iMC UAM v7.1 E0302P07
JD144A HP IMC UAM S/W Module w/200-User License
JF388A HP IMC UAM S/W Module w/200-user License
JF388AAE HP IMC UAM S/W Module w/200-user E-LTU
JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
iMC WSM
Fix in Progress
Use Mitigation
JD456A HP WSM Plug-in for IMC
Includes 50 Aps
JF414A HP IMC WSM S/W Module with 50-AP License
JF414AAE HP IMC WSM S/W Module with 50-AP E-LTU
JG551AAE HP PMM to IMC WSM Upgr w/250 AP E-LTU
JG769AAE HP PMM to IMC WSM Upg w/ 250-node E-LTU
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
A
Fixes in progress
use mitigations
J9565A HP 2615-8-PoE Switch
J9562A HP 2915-8G-PoE Switch
E
Fixes in progress
use mitigations
J4850A HP ProCurve Switch 5304xl
J8166A HP ProCurve Switch 5304xl-32G
J4819A HP ProCurve Switch 5308xl
J8167A HP ProCurve Switch 5308xl-48G
J4849A HP ProCurve Switch 5348xl
J4849B HP ProCurve Switch 5348xl
J4848A HP ProCurve Switch 5372xl
J4848B HP ProCurve Switch 5372xl
F
Fixes in progress
use mitigations
J4812A HP ProCurve 2512 Switch
J4813A HP ProCurve 2524 Switch
J4817A HP ProCurve 2312 Switch
J4818A HP ProCurve 2324 Switch
H.07
Fixes in progress
use mitigations
J4902A HP ProCurve 6108 Switch
H.10
Fixes in progress
use mitigations
J8762A HP E2600-8-PoE Switch
J4900A HP PROCURVE SWITCH 2626
J4900B HP ProCurve Switch 2626
J4900C ProCurve Switch 2626
J4899A HP ProCurve Switch 2650
J4899B HP ProCurve Switch 2650
J4899C ProCurve Switch 2650
J8164A ProCurve Switch 2626-PWR
J8165A HP ProCurve Switch 2650-PWR
i.10
Fixes in progress
use mitigations
J4903A ProCurve Switch 2824
J4904A HP ProCurve Switch 2848
J
Fixes in progress
use mitigations
J9299A HP 2520-24G-PoE Switch
J9298A HP 2520-8G-PoE Switch
K
Fixes in progress
use mitigations
J8692A HP 3500-24G-PoE yl Switch
J8693A HP 3500-48G-PoE yl Switch
J9310A HP 3500-24G-PoE+ yl Switch
J9311A HP 3500-48G-PoE+ yl Switch
J9470A HP 3500-24 Switch
J9471A HP 3500-24-PoE Switch
J9472A HP 3500-48 Switch
J9473A HP 3500-48-PoE Switch
J8697A HP E5406 zl Switch Chassis
J8699A HP 5406-48G zl Switch
J9447A HP 5406-44G-PoE+-4SFP zl Switch
J9533A HP 5406-44G-PoE+-2XG v2 zl Swch w Pm SW
J9539A HP 5406-44G-PoE+-4G v2 zl Swch w Prm SW
J9642A HP 5406 zl Switch with Premium Software
J9866A HP 5406 8p10GT 8p10GE Swch and Psw
J8698A HP E5412 zl Switch Chassis
J8700A HP 5412-96G zl Switch
J9448A HP 5412-92G-PoE+-4SFP zl Switch
J9532A HP 5412-92G-PoE+-2XG v2 zl Swch w Pm SW
J9540A HP 5412-92G-PoE+-4G v2 zl Swch w Prm SW
J9643A HP 5412 zl Switch with Premium Software
J8992A HP 6200-24G-mGBIC yl Switch
J9263A HP E6600-24G Switch
J9264A HP 6600-24G-4XG Switch
J9265A HP 6600-24XG Switch
J9451A HP E6600-48G Switch
J9452A HP 6600-48G-4XG Switch
J9475A HP E8206 zl Switch Base System
J9638A HP 8206-44G-PoE+-2XG v2 zl Swch w Pm SW
J9640A HP 8206 zl Switch w/Premium Software
J8715A ProCurve Switch 8212zl Base System
J8715B HP E8212 zl Switch Base System
J9091A ProCurve Switch 8212zl Chassis&Fan Tray
J9639A HP 8212-92G-PoE+-2XG v2 zl Swch w Pm SW
J9641A HP 8212 zl Switch with Premium SW
KA
Fixes in progress
use mitigations
J9573A HP 3800-24G-PoE+-2SFP+ Switch
J9574A HP 3800-48G-PoE+-4SFP+ Switch
J9575A HP 3800-24G-2SFP+ Switch
J9576A HP 3800-48G-4SFP+ Switch
J9584A HP 3800-24SFP-2SFP+ Switch
J9585A HP 3800-24G-2XG Switch
J9586A HP 3800-48G-4XG Switch
J9587A HP 3800-24G-PoE+-2XG Switch
J9588A HP 3800-48G-PoE+-4XG Switch
KB
Fixes in progress
use mitigations
J9821A HP 5406R zl2 Switch
J9822A HP 5412R zl2 Switch
J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch
J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch
J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch
J9850A HP 5406R zl2 Switch
J9851A HP 5412R zl2 Switch
J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch
L
Fixes in progress
use mitigations
J8772B HP 4202-72 Vl Switch
J8770A HP 4204 Vl Switch Chassis
J9064A HP 4204-44G-4SFP Vl Switch
J8773A HP 4208 Vl Switch Chassis
J9030A HP 4208-68G-4SFP Vl Switch
J8775B HP 4208-96 Vl Switch
J8771A ProCurve Switch 4202VL-48G
J8772A ProCurve Switch 4202VL-72
J8774A ProCurve Switch 4208VL-64G
J8775A ProCurve Switch 4208VL-96
M.08
Fixes in progress
use mitigations
J8433A HP 6400-6XG cl Switch
J8474A HP 6410-6XG cl Switch
M.10
Fixes in progress
use mitigations
J4906A HP E3400-48G cl Switch
J4905A HP ProCurve Switch 3400cl-24G
N
Fixes in progress
use mitigations
J9021A HP 2810-24G Switch
J9022A HP 2810-48G Switch
PA
Fixes in progress
use mitigations
J9029A ProCurve Switch 1800-8G
PB
Fixes in progress
use mitigations
J9028A ProCurve Switch 1800-24G
J9028B ProCurve Switch 1800-24G
Q
Fixes in progress
use mitigations
J9019B HP 2510-24 Switch
J9019A ProCurve Switch 2510-24
R
Fixes in progress
use mitigations
J9085A HP 2610-24 Switch
J9087A HP 2610-24-PoE Switch
J9086A HP 2610-24-PPoE Switch
J9088A HP 2610-48 Switch
J9089A HP 2610-48-PoE Switch
RA
Fixes in progress
use mitigations
J9623A HP 2620-24 Switch
J9624A HP 2620-24-PPoE+ Switch
J9625A HP 2620-24-PoE+ Switch
J9626A HP 2620-48 Switch
J9627A HP 2620-48-PoE+ Switch
S
Fixes in progress
use mitigations
J9138A HP 2520-24-PoE Switch
J9137A HP 2520-8-PoE Switch
T
Fixes in progress
use mitigations
J9049A ProCurve Switch 2900- 24G
J9050A ProCurve Switch 2900 48G
U
Fixes in progress
use mitigations
J9020A HP 2510-48 Switch
VA
Fixes in progress
use mitigations
J9079A HP 1700-8 Switch
VB
Fixes in progress
use mitigations
J9080A HP 1700-24 Switch
W
Fixes in progress
use mitigations
J9145A HP 2910-24G al Switch
J9146A HP 2910-24G-PoE+ al Switch
J9147A HP 2910-48G al Switch
J9148A HP 2910-48G-PoE+ al Switch
WB
Fixes in progress
use mitigations
J9726A HP 2920-24G Switch
J9727A HP 2920-24G-POE+ Switch
J9728A HP 2920-48G Switch
J9729A HP 2920-48G-POE+ Switch
J9836A HP 2920-48G-POE+ 740W Switch
Y
Fixes in progress
use mitigations
J9279A HP 2510-24G Switch
J9280A HP 2510-48G Switch
YA
Fixes in progress
use mitigations
J9772A HP 2530-48G-PoE+ Switch
J9773A HP 2530-24G-PoE+ Switch
J9774A HP 2530-8G-PoE+ Switch
J9775A HP 2530-48G Switch
J9776A HP 2530-24G Switch
J9777A HP 2530-8G Switch
J9778A HP 2530-48-PoE+ Switch
J9781A HP 2530-48 Switch
J9853A HP 2530-48G-PoE+-2SFP+ Switch
J9854A HP 2530-24G-PoE+-2SFP+ Switch
J9855A HP 2530-48G-2SFP+ Switch
J9856A HP 2530-24G-2SFP+ Switch
YB
Fixes in progress
use mitigations
J9779A HP 2530-24-PoE+ Switch
J9780A HP 2530-8-PoE+ Switch
J9782A HP 2530-24 Switch
J9783A HP 2530-8 Switch
MSM 6.5
6.5.1.0
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9370A HP MSM765 Zl Premium Mobility Controller
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
J9840A HP MSM775 zl Premium Controller Module
J9845A HP 560 Wireless 802.11ac (AM) AP
J9846A HP 560 Wireless 802.11ac (WW) AP
J9847A HP 560 Wireless 802.11ac (JP) AP
J9848A HP 560 Wireless 802.11ac (IL) AP
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
MSM 6.4
6.4.2.1
J9840A HP MSM775 zl Premium Controller Module
J9370A HP MSM765 Zl Premium Mobility Controller
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
MSM 6.3
6.3.1.0
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9356A HP E-MSM335 Access Point (US)
J9356B HP MSM335 Access Point (US)
J9357A HP E-MSM335 Access Point (WW)
J9357B HP MSM335 Access Point (WW)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9360A HP E-MSM320 Access Point (US)
J9360B HP MSM320 Access Point (US)
J9364A HP E-MSM320 Access Point (WW)
J9364B HP MSM320 Access Point (WW)
J9365A HP MSM320-R Access Point (US)
J9365B HP MSM320-R Access Point (US)
J9368A HP E-MSM320-R Access Point (WW)
J9368B HP MSM320-R Access Point (WW)
J9373A HP E-MSM325 Access Point (WW)
J9373B HP MSM325 Access Point (WW)
J9374A HP E-MSM310 Access Point (US)
J9374B HP MSM310 Access Point (US)
J9379A HP MSM310 Access Point (WW)
J9379B HP MSM310 Access Point (WW)
J9380A HP E-MSM310-R Access Point (US)
J9380B HP MSM310-R Access Point (US)
J9383A HP E-MSM310-R Access Point (WW)
J9383B HP MSM310-R Access Point (WW)
J9524A HP E-MSM310 Access Point (JP)
J9524B HP MSM310 Access Point (JP)
J9527A HP E-MSM320 Access Point (JP)
J9527B HP MSM320 Access Point (JP)
J9528A HP E-MSM320-R Access Point (JP)
J9528B HP MSM320-R Access Point (JP)
MSM 6.2
6.2.1.2
J9370A HP MSM765 Zl Premium Mobility Controller
J9356A HP E-MSM335 Access Point (US)
J9356B HP MSM335 Access Point (US)
J9357A HP E-MSM335 Access Point (WW)
J9357B HP MSM335 Access Point (WW)
J9358A HP E-MSM422 Access Point (US)
J9358B HP MSM422 Access Point (US)
J9359A HP E-MSM422 Access Point (WW)
J9359B HP MSM422 Access Point (WW)
J9530A HP E-MSM422 Access Point (JP)
J9530B HP MSM422 Access Point (JP)
J9617A HP MSM422 Dual Radio 802.11n AP (IL)
J9420A HP MSM760 Premium Mobility Controller
J9421A HP MSM760 Access Controller
J9840A HP MSM775 zl Premium Controller Module
J9360A HP E-MSM320 Access Point (US)
J9360B HP MSM320 Access Point (US)
J9364A HP E-MSM320 Access Point (WW)
J9364B HP MSM320 Access Point (WW)
J9365A HP MSM320-R Access Point (US)
J9365B HP MSM320-R Access Point (US)
J9368A HP E-MSM320-R Access Point (WW)
J9368B HP MSM320-R Access Point (WW)
J9373A HP E-MSM325 Access Point (WW)
J9373B HP MSM325 Access Point (WW)
J9374A HP E-MSM310 Access Point (US)
J9374B HP MSM310 Access Point (US)
J9379A HP MSM310 Access Point (WW)
J9379B HP MSM310 Access Point (WW)
J9380A HP E-MSM310-R Access Point (US)
J9380B HP MSM310-R Access Point (US)
J9383A HP E-MSM310-R Access Point (WW)
J9383B HP MSM310-R Access Point (WW)
J9524A HP E-MSM310 Access Point (JP)
J9524B HP MSM310 Access Point (JP)
J9527A HP E-MSM320 Access Point (JP)
J9527B HP MSM320 Access Point (JP)
J9528A HP E-MSM320-R Access Point (JP)
J9528B HP MSM320-R Access Point (JP)
J9426A HP E-MSM410 Access Point (US)
J9426B HP MSM410 Access Point (US)
J9427A HP E-MSM410 Access Point (WW)
J9427B HP MSM410 Access Point (WW)
J9427C HP MSM410 Access Point (WW)
J9529A HP E-MSM410 Access Point (JP)
J9529B HP MSM410 Access Point (JP)
J9589A HP MSM460 Dual Radio 802.11n AP (JP)
J9590A HP MSM460 Dual Radio 802.11n AP (AM)
J9591A HP MSM460 Dual Radio 802.11n AP (WW)
J9616A HP MSM410 Single Radio 802.11n AP (IL)
J9618A HP MSM460 Dual Radio 802.11n AP (IL)
J9619A HP MSM466 Dual Radio 802.11n AP (IL)
J9620A HP MSM466 Dual Radio 802.11n AP (JP)
J9621A HP MSM466 Dual Radio 802.11n AP (AM)
J9622A HP MSM466 Dual Radio 802.11n AP (WW)
J9650A HP MSM430 Dual Radio 802.11n AP (AM)
J9651A HP MSM430 Dual Radio 802.11n AP (WW)
J9652A HP MSM430 Dual Radio 802.11n AP (JP)
J9653A HP MSM430 Dual Radio 802.11n AP (IL)
J9654A HP MSM430 Dual Radio 802.11n TAA AP
J9655A HP MSM460 Dual Radio 802.11n TAA AP
J9656A HP MSM466 Dual Radio 802.11n TAA AP
J9715A HP E-MSM466-R Dual Radio 802.11n AP (AM)
J9716A HP E-MSM466-R Dual Radio 802.11n AP (WW)
J9717A HP E-MSM466-R Dual Radio 802.11n AP (JP)
J9718A HP E-MSM466-R Dual Radio 802.11n AP (IL)
J9693A HP MSM720 Access Controller (WW)
J9694A HP MSM720 Premium Mobility Cntlr (WW)
J9695A HP MSM720 TAA Access Controller
J9696A HP MSM720 TAA Premium Mobility Cntlr
M220
Fixes in progress
use mitigations
J9798A HP M220 802.11n (AM) Access Point
J9799A HP M220 802.11n (WW) Access Point
M210
Fixes in progress
use mitigations
JL023A HP M210 802.11n (AM) Access Point
JL024A HP M210 802.11n (WW) Access Point
PS110
Fixes in progress
use mitigations
JL065A HP PS110 Wireless 802.11n VPN AM Router
JL066A HP PS110 Wireless 802.11n VPN WW Router
HP Office Connect 1810 PK
Fixes in progress
use mitigations
J9660A HP 1810-48G Switch
HP Office Connect 1810 P
Fixes in progress
use mitigations
J9450A HP 1810-24G Switch
J9449A HP 1810-8G Switch
HP Office Connect 1810 PL
Fixes in progress
use mitigations
J9802A HP 1810-8G v2 Switch
J9803A HP 1810-24G v2 Switch
RF Manager
Fixes in progress
use mitigations
J9522A HP E-MSM415 RF Security Sensor J9521A HP RF Manager Controller with
50 Sensor License J9838AAE HP RF Manager for VMware 50 Sensor E-LTU
HP Office Connect 1810 PM
Fixes in progress
use mitigations
J9800A HP 1810-8 v2 Switch
J9801A HP 1810-24 v2 Switch
HP Office Connect PS1810
Fixes in progress
use mitigations
J9833A HP PS1810-8G Switch
J9834A HP PS1810-24G Switch
Mitigation Instructions
For SSLv3 Server Functionality on Impacted Products:
Disable SSLv3 on clients
and/or disable CBC ciphers on clients
Use Access Control functionality to control client access
For SSLv3 Client Functionality on Impacted Products:
Go to SSL server and disable SSLv3
and/or disable CBC ciphers
Use Access Control functionality to control access to servers
HISTORY
Version:1 (rev.1) - 2 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
https://www.openssl.org/news/secadv_20141015.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
054c36eb1d59a0556ab17a1627f869d2 mbs1/x86_64/lib64openssl1.0.0-1.0.0o-1.mbs1.x86_64.rpm
aaff926dab60e6d5635afde92edd9c91 mbs1/x86_64/lib64openssl-devel-1.0.0o-1.mbs1.x86_64.rpm
27a964cb0697f9a8d0c487db11928cca mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0o-1.mbs1.x86_64.rpm
012ccb3cd7acc23e33666290036d0ec9 mbs1/x86_64/lib64openssl-static-devel-1.0.0o-1.mbs1.x86_64.rpm
dba56f5d00437cfb90c7fecaa7dc2e86 mbs1/x86_64/openssl-1.0.0o-1.mbs1.x86_64.rpm
89ba517c11cc244d57ecb98ec4be4140 mbs1/SRPMS/openssl-1.0.0o-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.
(* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
Build option no-ssl3 is incomplete (CVE-2014-3568):
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
For more information, see:
https://www.openssl.org/news/secadv_20141015.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zc-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zc-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zc-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zc-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1j-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1j-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1j-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1j-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1j-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1j-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1j-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
44d336a121b39296f0e6bbeeb283dd2b openssl-0.9.8zc-i486-1_slack13.0.txz
8342cfb351e59ecf5ea6d8cba66f0040 openssl-solibs-0.9.8zc-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
671f12535bdc10ab24388b713351aca2 openssl-0.9.8zc-x86_64-1_slack13.0.txz
21e380284cdfab2fd15fffe2e0aed526 openssl-solibs-0.9.8zc-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
64cb819f1e07522bd5d7ceedd0a9ab50 openssl-0.9.8zc-i486-1_slack13.1.txz
5fe4e385b2251cfd7e8ae5963ec6cef1 openssl-solibs-0.9.8zc-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
94feb6699d6f2cc7750a6b2e17ccaaa2 openssl-0.9.8zc-x86_64-1_slack13.1.txz
2c17e4286509c29074ab0168367b851e openssl-solibs-0.9.8zc-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
4483d91c776c7e23c59246c4e0aa24aa openssl-0.9.8zc-i486-1_slack13.37.txz
fedd58eb19bc13c9dd88d947827a7370 openssl-solibs-0.9.8zc-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
5d48ac1e9339efc35e304c7d48b2e762 openssl-0.9.8zc-x86_64-1_slack13.37.txz
6f5e2b576259477c13f12cbed9be8804 openssl-solibs-0.9.8zc-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
2b678160283bc696565dc8bd8b28c0eb openssl-1.0.1j-i486-1_slack14.0.txz
f7762615c990713e9e86d4da962f1022 openssl-solibs-1.0.1j-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
41010ca37d49b74e7d7dc3f1c6ddc57e openssl-1.0.1j-x86_64-1_slack14.0.txz
40dc6f3de217279d6140c1efcc0d45c8 openssl-solibs-1.0.1j-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
024ecea55e22e47f9fbb4b81a7b72a51 openssl-1.0.1j-i486-1_slack14.1.txz
0a575668bb41ec4c2160800611f7f627 openssl-solibs-1.0.1j-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
d07fe289f7998a584c2b0d9810a8b9aa openssl-1.0.1j-x86_64-1_slack14.1.txz
1ffc5d0c02b0c60cefa5cf9189bfc71d openssl-solibs-1.0.1j-x86_64-1_slack14.1.txz
Slackware -current packages:
53c9f51a79460bbfc5dec5720317cd53 a/openssl-solibs-1.0.1j-i486-1.txz
cc059aa63494f3b005a886c70bc3f5d6 n/openssl-1.0.1j-i486-1.txz
Slackware x86_64 -current packages:
500709555e652adcd84b4e02dfab4eeb a/openssl-solibs-1.0.1j-x86_64-1.txz
c483ca9c450fa90a901ac013276ccc53 n/openssl-1.0.1j-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1j-i486-1_slack14.1.txz openssl-solibs-1.0.1j-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: rhev-hypervisor6 security update
Advisory ID: RHSA-2015:0126-01
Product: Red Hat Enterprise Virtualization
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0126.html
Issue date: 2015-02-04
CVE Names: CVE-2014-3511 CVE-2014-3567 CVE-2014-3611
CVE-2014-3645 CVE-2014-3646 CVE-2015-0235
=====================================================================
1. Summary:
An updated rhev-hypervisor6 package that fixes multiple security issues is
now available for Red Hat Enterprise Virtualization 3.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
RHEV Hypervisor for RHEL-6 - noarch
3. Description:
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: a subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)
A race condition flaw was found in the way the Linux kernel's KVM subsystem
handled PIT (Programmable Interval Timer) emulation. A guest user who has
access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611)
A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
using OpenSSL to use TLS 1.0, even if both the client and the server
supported newer protocol versions. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)
It was found that the Linux kernel's KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invppid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646)
Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue,
Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced
Threat Research team at Intel Security for reporting the CVE-2014-3645 and
CVE-2014-3646 issues.
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package.
4. Solution:
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
To upgrade Hypervisors in Red Hat Enterprise Virtualization environments
using the disk image provided by this package, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/ht
ml/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Ente
rprise_Virtualization_Hypervisors.html
5. Bugs fixed (https://bugzilla.redhat.com/):
1127504 - CVE-2014-3511 openssl: TLS protocol downgrade attack
1144825 - CVE-2014-3646 kernel: kvm: vmx: invvpid vm exit not handled
1144835 - CVE-2014-3645 kernel: kvm: vmx: invept vm exit not handled
1144878 - CVE-2014-3611 kernel: kvm: PIT timer race condition
1152563 - Tracker: RHEV-H 6.6 for RHEV 3.4.z build
1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
1180044 - Incorrect glusterfs package in to RHEVH 6.6 for 3.4.4 and 3.5 build [rhev-3.4.z]
1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow
1185720 - Incorrect rhn-virtualization-host and rhn-virtualization-common packages in RHEVH 6.6 for rhev 3.4.5
6. Package List:
RHEV Hypervisor for RHEL-6:
noarch:
rhev-hypervisor6-6.6-20150123.1.el6ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3511
https://access.redhat.com/security/cve/CVE-2014-3567
https://access.redhat.com/security/cve/CVE-2014-3611
https://access.redhat.com/security/cve/CVE-2014-3645
https://access.redhat.com/security/cve/CVE-2014-3646
https://access.redhat.com/security/cve/CVE-2015-0235
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU0l7LXlSAg2UNWIIRAvEdAJ4wGHkcIyH+VhN8Me+wQpBWbHgMiQCdH58Q
EXI2+hZZswncCxMn6NgpQ6g=
=wy8T
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following
locations:
OpenVMS HP SSL website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha
platforms have been uploaded to HP Support Center website. Customers can
access the kits from Patch Management page