VARIoT IoT vulnerabilities database

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. Google Chrome is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. Versions prior to Chrome 36.0.1985.143 are vulnerable. Verify the properties of the SPDY connection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3039-1 security@debian.org http://www.debian.org/security/ Michael Gilbert September 28, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170 CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178 CVE-2014-3179 Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.125. CVE-2014-3165 Colin Payne discovered a use-after-free issue in the Web Sockets implementation. CVE-2014-3166 Antoine Delignat-Lavaud discovered an information leak in the SPDY protocol implementation. CVE-2014-3167 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.143. CVE-2014-3168 cloudfuzzer discovered a use-after-free issue in SVG image file handling. CVE-2014-3169 Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink Document Object Model implementation. CVE-2014-3170 Rob Wu discovered a way to spoof the url of chromium extensions. CVE-2014-3171 cloudfuzzer discovered a use-after-free issue in chromium's v8 bindings. CVE-2014-3172 Eli Grey discovered a way to bypass access restrictions using chromium's Debugger extension API. CVE-2014-3173 jmuizelaar discovered an uninitialized read issue in WebGL. CVE-2014-3174 Atte Kettunen discovered an uninitialized read issue in Web Audio. CVE-2014-3175 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.94. CVE-2014-3176 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3177 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3178 miaubiz discovered a use-after-free issue in the Document Object Model implementation in Blink/Webkit. CVE-2014-3179 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.120. For the stable distribution (wheezy), these problems have been fixed in version 37.0.2062.120-1~deb7u1. For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 37.0.2062.120-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJUKFfrAAoJELjWss0C1vRzHiEgAIABz3HDoSbH2wCbN58xmQPs EXADJVYxCyYN6YFnR4lSxekGX3p0Gr+zjGnVzmAVAQnflWEX4e+U4nXN581oLvC4 9DRGyFW5IANzi98AViRZ5SV5lFG93q/ipL5H74/kfg4gqBoxXTw/a6QF20nRYxES S5LQGqMu9Hzkto23nzQUc45uItapphd78StNLtdpaVVN2UV3dDMItMnDpDWpxv9h kUGK1cKjcMEVWOejvI8YEALYo6OMunwR+G6HwG7soc7k4zHOlesIJ86HoKz1aYgZ Yj6reRBZxpQSwAKMzdxKT5OyAMbYadOk6ryPmJSqJv6ky5q13quqqjjecIthY29G hHRInemqRNoGjza1OJj8+vs1K+uWoLbth91CC62KXKhSGVydbOhBXyLtpWsSLGVn YOAeT45QZqmIzvSuAm3HULJmZdLmiFefu8bSHZRuJLt95UZzHBYtD8i85DTCOWaO p6XymJQPbvJtPQ1Qw+ZIJnsjzMhFIwRmuJPm67ZiLt/aQdnsY+WKWlZAvrCSxczp n+eRNRKBRsEiKIQUvRv0S91wCSVnEX6ywY/faOrZv2aH8J1VcYT+qqjMmvpzHgKl HikDmyW7k67Lko8R8Ah92+pktFFFTx/aPEGWrJUOqd+OdREPlv8F06ZNe0lK1nM2 AYn03pLaJvCv3JqGFdEUEPQQpTMsI6cs+VC21RkP9/c3RV7Y6ExjtarZ/1nNVf7q IyqZyYPRd3WmS9gIrsOODUDBWeamd1RkYm3r0u61oP+39m6rX9GIk/2FrWzrefDK nbewNAPtywb4y1Xjg4aHHFiJEVy+8D3qhZkgUTug10Xye2qSzlwRbi+eNmdFwJ/m xf8QTNvGluPcejRiCYmTEosqT2SksWULDfqUx4+3k/uIfpaI15V4QXyIhGFlNxKs cweaD6U5pAvK/RyTuxigM1ezYTs4JZFkYDhbzeCgb03mWOmbU9VP3Sqr+klRRiLA 1cOm22oXmb8P53gHFXxB9V4jBdPk7XVwjB4EA20+qHH6jIePGnhjkNm7hgZJB7Dr vuKmA7g/bCEnlGJC9XjutVXetgF6rx6uVpDKixLOHYwux+2tIu/Qy0AuWfUhT1Yu /CuW/CVztOPyLY2pOwLT5Ao1ERdCk/JzqRzCUfvX+xGirm5b3yT+9j+C2Ij1ohBc Sxs+kAJlldvbUN8/D+gyInWHqbacnu0pnIag05Cwk2mVgOGhPAyJsPuAawqtPj0K aQbBNpXhCMkTc4kRktISA6CBcQUBdWuavKmkYej3SOmluc+sjw6dbm4W8EjI1pJY 6Up8h8azSmt5OTNiAtjxrw/ddH2mFCJGo5+jUjpaICs/218+f5XnquZZMTD3tV8= =pGsl -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2320-1 August 20, 2014 oxide-qt vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine library for Qt (QML plugin) Details: A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-3167) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: liboxideqtcore0 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs-extra 1.0.5-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2320-1 CVE-2014-3165, CVE-2014-3166, CVE-2014-3167, https://launchpad.net/bugs/1356372 Package Information: https://launchpad.net/ubuntu/+source/oxide-qt/1.0.5-0ubuntu0.14.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: August 30, 2014 Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276 ID: 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94" References ========== [ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors. IBM Tivoli Storage Manager is prone to local denial-of-service vulnerability. Successful exploits will allow local attackers to cause a denial-of-service conditions. The solution supports data protection, space management and archiving, business recovery and disaster recovery, etc. A local attacker could exploit this vulnerability to cause a denial of service (application crash or hang). The following versions are affected: IBM TSM 5.x and 6.x prior to 6.2.5.2, 6.3.x prior to 6.3.2, and 6.4.x prior to 6.4.2

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0543 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security flaws exist in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.400. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0543 ,and CVE-2014-0544 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0543 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0542 , CVE-2014-0543 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Vector objects. By manipulating Vector objects an attacker can read arbitrary memory. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and AIR are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. A use-after-free vulnerability exists in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== Chromium is an open-source web browser project

The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. Cisco Unified Communications Manager is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCum95491. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There is a security vulnerability in the CTIManager module of Cisco Unified CM version 10.0(1)

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. Attackers can exploit this issue to cause a process to crash, resulting in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCtq76428. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability is caused by the SIP subsystem not properly handling XML documents

D-Link DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 are NAS network storage devices. Multiple D-Link products 'login_mgr.cgi' have remote command injection vulnerabilities that allow an attacker to exploit a vulnerability to execute arbitrary commands in the context of an affected device. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. MIT kerberos 5 is prone to a buffer overflow vulnerability due to a out-of-bounds write memory access condition. Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition. MIT kerberos 5 1.6 through 1.12.1 are vulnerable. CVE-2014-4343 An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. CVE-2014-4344 An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor. For the stable distribution (wheezy), these problems have been fixed in version 1.10.1+dfsg-5+deb7u2. For the unstable distribution (sid), these problems have been fixed in version 1.12.1+dfsg-7. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014 krb5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2 Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13 In general, a standard system update will make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MITKRB5-SA-2014-001 MIT krb5 Security Advisory 2014-001 Original release: 2014-08-07 Last update: 2014-08-07 Topic: Buffer overrun in kadmind with LDAP backend CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 8.5 Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete CVSSv2 Temporal Score: 6.7 Exploitability: Proof-of-Concept Remediation Level: Official Fix Report Confidence: Confirmed SUMMARY ======= In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). This is not a protocol vulnerability. Using LDAP for the KDC database is a non-default configuration for the KDC. IMPACT ====== Historically, it has been possible to convert an out-of-bounds write into remote code execution in some cases, though the necessary exploits must be tailored to the individual application and are usually quite complicated. Depending on the allocated length of the array, an out-of-bounds write may also cause a segmentation fault and/or application crash. Releases of MIT krb5 prior to 1.6 did not provide the ability to use LDAP for the KDB backend. FIXES ===== * Workaround: disable or restrict access to kadmind until a patched version can be installed. This will prevent principal creation, password changes, keytab updates, and other administrative operations. * The krb5-1.12.2 and krb5-1.11.6 releases will contain a fix for this vulnerability. diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index ce851ea..df5934c 100644 - --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data, j++; last = i + 1; - - currkvno = key_data[i].key_data_kvno; + if (i < n_key_data - 1) + currkvno = key_data[i + 1].key_data_kvno; } } ret[num_versions] = NULL; This patch is also available at http://web.mit.edu/kerberos/advisories/2014-001-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVSSv2: http://www.first.org/cvss/cvss-guide.html http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 CVE: CVE-2014-4345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345 ACKNOWLEDGMENTS =============== This off-by-one error was reported by Tomas Kuthan as github pull request #181 and recognized as a vulnerability by Greg Hudson. When sending sensitive information, please PGP-encrypt it using the following key: pub 2048R/C436A9C6 2014-01-07 [expires: 2015-02-01] Key fingerprint = 1849 02FF 0CA8 A385 F28D 2E7E 2AF0 C1EA C436 A9C6 uid MIT Kerberos Team Security Contact <krbcore-security@mit.edu> DETAILS ======= The 'cpw -keepold' functionality allows for the existing keys to be retained at password-change (or keytab-change) time, instead of being discarded as usual. An array must be allocated to store all the old keys, as well as the new keys and a NULL terminator. In normal operation, all the keys for a single kvno will share an array slot. An off-by-one error while copying key information to the new array results in keys sharing a common kvno being written to different array buckets, with the first key of a kvno betting a single bucket, and the remaining keys getting the next bucket. After sufficient iterations, the extra writes extend past the end of the (NULL-terminated) array. The NULL terminator is always written after the end of the loop, so no out-of-bounds data is read, it is only written. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.13 >= 1.13 Description =========== Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13" References ========== [ 1 ] CVE-2014-4341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341 [ 2 ] CVE-2014-4343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343 [ 3 ] CVE-2014-4345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345 [ 4 ] CVE-2014-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-53.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: krb5 security, bug fix and enhancement update Advisory ID: RHSA-2015:0439-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html Issue date: 2015-03-05 CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5352 CVE-2014-5353 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 ===================================================================== 1. Summary: Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352. The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including: * Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. * When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995) This update also fixes multiple bugs, for example: * The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102) In addition, this update adds various enhancements. Among others: * Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919) 4. Solution: All krb5 users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1084068 - ipv6 address handling in krb5.conf 1102837 - Please backport improved GSSAPI mech configuration 1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1109919 - Backport https support into libkrb5 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1118347 - ksu non-functional, gets invalid argument copying cred cache 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121789 - CVE-2014-4343: use-after-free crash in SPNEGO 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update 1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name 1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001) 1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001) 1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001) 1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001) 1184629 - kinit loops on principals on unknown error 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: krb5-1.12.2-14.el7.src.rpm ppc64: krb5-debuginfo-1.12.2-14.el7.ppc.rpm krb5-debuginfo-1.12.2-14.el7.ppc64.rpm krb5-devel-1.12.2-14.el7.ppc.rpm krb5-devel-1.12.2-14.el7.ppc64.rpm krb5-libs-1.12.2-14.el7.ppc.rpm krb5-libs-1.12.2-14.el7.ppc64.rpm krb5-pkinit-1.12.2-14.el7.ppc64.rpm krb5-server-1.12.2-14.el7.ppc64.rpm krb5-server-ldap-1.12.2-14.el7.ppc64.rpm krb5-workstation-1.12.2-14.el7.ppc64.rpm s390x: krb5-debuginfo-1.12.2-14.el7.s390.rpm krb5-debuginfo-1.12.2-14.el7.s390x.rpm krb5-devel-1.12.2-14.el7.s390.rpm krb5-devel-1.12.2-14.el7.s390x.rpm krb5-libs-1.12.2-14.el7.s390.rpm krb5-libs-1.12.2-14.el7.s390x.rpm krb5-pkinit-1.12.2-14.el7.s390x.rpm krb5-server-1.12.2-14.el7.s390x.rpm krb5-server-ldap-1.12.2-14.el7.s390x.rpm krb5-workstation-1.12.2-14.el7.s390x.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: krb5-1.12.2-14.el7.src.rpm x86_64: krb5-debuginfo-1.12.2-14.el7.i686.rpm krb5-debuginfo-1.12.2-14.el7.x86_64.rpm krb5-devel-1.12.2-14.el7.i686.rpm krb5-devel-1.12.2-14.el7.x86_64.rpm krb5-libs-1.12.2-14.el7.i686.rpm krb5-libs-1.12.2-14.el7.x86_64.rpm krb5-pkinit-1.12.2-14.el7.x86_64.rpm krb5-server-1.12.2-14.el7.x86_64.rpm krb5-server-ldap-1.12.2-14.el7.x86_64.rpm krb5-workstation-1.12.2-14.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-4341 https://access.redhat.com/security/cve/CVE-2014-4342 https://access.redhat.com/security/cve/CVE-2014-4343 https://access.redhat.com/security/cve/CVE-2014-4344 https://access.redhat.com/security/cve/CVE-2014-4345 https://access.redhat.com/security/cve/CVE-2014-5352 https://access.redhat.com/security/cve/CVE-2014-5353 https://access.redhat.com/security/cve/CVE-2014-9421 https://access.redhat.com/security/cve/CVE-2014-9422 https://access.redhat.com/security/cve/CVE-2014-9423 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi gZD8EL2lSaLXnIQxca8zLTg= =aK0y -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64 3. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuq31016. The platform can use voice commands to make calls or listen to messages "hands-free"

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. Huawei HiLink is a new and simpler network card that Huawei has introduced. Huawei HiLink E3236 and E3276 are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Both Huawei HiLink E3276 and E3236 are USB modem products of the Chinese Huawei (Huawei). Cross-site request forgery vulnerabilities exist in several Huawei HiLink products. The following products and versions are affected: Huawei HiLink E3276 and E3236 TCPPU versions prior to V200R002B470D13SP00C00, WebUI versions prior to V100R007B100D03SP01C03, versions prior to E5180s-22 21.270.21.00.00, and versions prior to E586Bs-2 21.322.1089.00.8

Sharp is a Japanese electrical and electronics company. Sharp Printers is a set of printer software from Sharp Corporation of Japan. A remote denial of service vulnerability exists in Sharp printers. An attacker could exploit this vulnerability to cause a denial of service, and possibly execute arbitrary code. Due to the nature of this issue, remote code execution is also possible

The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party Web There is a possibility that hard-coded credentials can be read through the interface. Iridium OpenPort is a marine satellite terminal product. Iridium Pilot and OpenPort built-in accounts have information disclosure vulnerabilities. The device's administrator authentication credentials cannot be changed, allowing attackers to exploit the vulnerability for unauthorized access. Affected devices

Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. Cobham Multiple product web interfaces are vulnerable to a password recovery mechanism. Cobham Multiple product web interfaces have a password reset mechanism. It ’s easy to analyze this mechanism, and the administrator account password can be altered ( CWE-640 ). CWE-640: Weak Password Recovery Mechanism for Forgotten Password http://cwe.mitre.org/data/definitions/640.htmlA remote attacker who accesses the web interface may reset the administrator password and operate the product. Cobham SATCOM is a satellite communications company. Multiple Cobham products are prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may lead to further attacks

Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials. ** Unsettled ** This case has not been confirmed as a vulnerability. Tbus 2 Protocol is the protocol used for device maintenance. The vulnerability is VU#460687 It is a different problem. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, the vendor says that “There is no possibility of misusing other users' certificates”.Any by a third party Tbus 2 Commands may be sent and the system may be operated. The Cobham Sailor 6000 Series has a security bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. Cobham thraneLINK There is a vulnerability in the firmware update function of the device. Cobham of thraneLINK The protocol does not verify the digital signature of the firmware update ( CWE-347 ). Also connected to the network thraneLINK The device SLPFindSrvs You can enumerate by protocol. As a result, crafted SNMP Prepared by a third party upon request TFTP server May download unauthorized firmware updates from. CWE-347: Improper Verification of Cryptographic Signature http://cwe.mitre.org/data/definitions/347.htmlBy a remote third party, thraneLINK A malicious firmware image may be deployed on the device and execute arbitrary code. Cobham thraneLINK is a communication protocol used by the Cobham Company in the United Kingdom for satellite communication systems. It supports SAILOR devices in connected networks and provides remote diagnostics. Cobham thraneLINK has a remote code execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions