VARIoT IoT vulnerabilities database
| VAR-201408-0160 | CVE-2014-3337 | Cisco Unified Communications Manager of SIP Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.
Attackers can exploit this issue to cause a process to crash, resulting in a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCtq76428. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability is caused by the SIP subsystem not properly handling XML documents
| VAR-201408-0479 | No CVE | Multiple D-Link products 'login_mgr.cgi' remote command injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
D-Link DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 are NAS network storage devices. Multiple D-Link products 'login_mgr.cgi' have remote command injection vulnerabilities that allow an attacker to exploit a vulnerability to execute arbitrary commands in the context of an affected device. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201408-0300 | CVE-2014-4345 | MIT Kerberos 5 Poor error loophole |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. MIT kerberos 5 is prone to a buffer overflow vulnerability due to a out-of-bounds write memory access condition.
Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition.
MIT kerberos 5 1.6 through 1.12.1 are vulnerable.
CVE-2014-4343
An unauthenticated remote attacker with the ability to spoof packets
appearing to be from a GSSAPI acceptor can cause a double-free
condition in GSSAPI initiators (clients) which are using the SPNEGO
mechanism, by returning a different underlying mechanism than was
proposed by the initiator.
CVE-2014-4344
An unauthenticated or partially authenticated remote attacker can
cause a NULL dereference and application crash during a SPNEGO
negotiation by sending an empty token as the second or later context
token from initiator to acceptor.
For the stable distribution (wheezy), these problems have been fixed in
version 1.10.1+dfsg-5+deb7u2.
For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+dfsg-7. ==========================================================================
Ubuntu Security Notice USN-2310-1
August 11, 2014
krb5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Kerberos. This issue only affected Ubuntu
12.04 LTS. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected
Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2014-4344)
Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon
incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
krb5-admin-server 1.12+dfsg-2ubuntu4.2
krb5-kdc 1.12+dfsg-2ubuntu4.2
krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2
krb5-otp 1.12+dfsg-2ubuntu4.2
krb5-pkinit 1.12+dfsg-2ubuntu4.2
krb5-user 1.12+dfsg-2ubuntu4.2
libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2
libgssrpc4 1.12+dfsg-2ubuntu4.2
libk5crypto3 1.12+dfsg-2ubuntu4.2
libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2
libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2
libkdb5-7 1.12+dfsg-2ubuntu4.2
libkrad0 1.12+dfsg-2ubuntu4.2
libkrb5-3 1.12+dfsg-2ubuntu4.2
libkrb5support0 1.12+dfsg-2ubuntu4.2
Ubuntu 12.04 LTS:
krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5
krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5
krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5
krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5
krb5-user 1.10+dfsg~beta1-2ubuntu0.5
libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5
libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5
libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5
libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5
libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5
libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5
libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5
libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5
Ubuntu 10.04 LTS:
krb5-admin-server 1.8.1+dfsg-2ubuntu0.13
krb5-kdc 1.8.1+dfsg-2ubuntu0.13
krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13
krb5-pkinit 1.8.1+dfsg-2ubuntu0.13
krb5-user 1.8.1+dfsg-2ubuntu0.13
libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13
libgssrpc4 1.8.1+dfsg-2ubuntu0.13
libk5crypto3 1.8.1+dfsg-2ubuntu0.13
libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13
libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13
libkdb5-4 1.8.1+dfsg-2ubuntu0.13
libkrb5-3 1.8.1+dfsg-2ubuntu0.13
libkrb5support0 1.8.1+dfsg-2ubuntu0.13
In general, a standard system update will make all the necessary changes. The verification
of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
MITKRB5-SA-2014-001
MIT krb5 Security Advisory 2014-001
Original release: 2014-08-07
Last update: 2014-08-07
Topic: Buffer overrun in kadmind with LDAP backend
CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
CVSSv2 Base Score: 8.5
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSSv2 Temporal Score: 6.7
Exploitability: Proof-of-Concept
Remediation Level: Official Fix
Report Confidence: Confirmed
SUMMARY
=======
In MIT krb5, when kadmind is configured to use LDAP for the KDC
database, an authenticated remote attacker can cause it to perform an
out-of-bounds write (buffer overflow). This is not a protocol
vulnerability. Using LDAP for the KDC database is a non-default
configuration for the KDC.
IMPACT
======
Historically, it has been possible to convert an out-of-bounds write
into remote code execution in some cases, though the necessary exploits
must be tailored to the individual application and are usually quite
complicated. Depending on the allocated length of the array, an
out-of-bounds write may also cause a segmentation fault and/or
application crash.
Releases of MIT krb5 prior to 1.6 did not provide the ability to use
LDAP for the KDB backend.
FIXES
=====
* Workaround: disable or restrict access to kadmind until a patched
version can be installed. This will prevent principal creation,
password changes, keytab updates, and other administrative operations.
* The krb5-1.12.2 and krb5-1.11.6 releases will contain a fix for this
vulnerability.
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index ce851ea..df5934c 100644
- --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
j++;
last = i + 1;
- - currkvno = key_data[i].key_data_kvno;
+ if (i < n_key_data - 1)
+ currkvno = key_data[i + 1].key_data_kvno;
}
}
ret[num_versions] = NULL;
This patch is also available at
http://web.mit.edu/kerberos/advisories/2014-001-patch.txt
A PGP-signed patch is available at
http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc
REFERENCES
==========
This announcement is posted at:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
http://web.mit.edu/kerberos/advisories/index.html
The main MIT Kerberos web page is at:
http://web.mit.edu/kerberos/index.html
CVSSv2:
http://www.first.org/cvss/cvss-guide.html
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
CVE: CVE-2014-4345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345
ACKNOWLEDGMENTS
===============
This off-by-one error was reported by Tomas Kuthan as github pull
request #181 and recognized as a vulnerability by Greg Hudson. When sending sensitive information,
please PGP-encrypt it using the following key:
pub 2048R/C436A9C6 2014-01-07 [expires: 2015-02-01]
Key fingerprint = 1849 02FF 0CA8 A385 F28D 2E7E 2AF0 C1EA C436 A9C6
uid MIT Kerberos Team Security Contact <krbcore-security@mit.edu>
DETAILS
=======
The 'cpw -keepold' functionality allows for the existing keys to be
retained at password-change (or keytab-change) time, instead of being
discarded as usual. An array must be allocated to store all the old
keys, as well as the new keys and a NULL terminator. In normal
operation, all the keys for a single kvno will share an array slot. An
off-by-one error while copying key information to the new array results
in keys sharing a common kvno being written to different array buckets,
with the first key of a kvno betting a single bucket, and the remaining
keys getting the next bucket. After sufficient iterations, the extra
writes extend past the end of the (NULL-terminated) array. The NULL
terminator is always written after the end of the loop, so no
out-of-bounds data is read, it is only written.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-crypt/mit-krb5 < 1.13 >= 1.13
Description
===========
Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All MIT Kerberos 5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13"
References
==========
[ 1 ] CVE-2014-4341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341
[ 2 ] CVE-2014-4343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343
[ 3 ] CVE-2014-4345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345
[ 4 ] CVE-2014-5351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-53.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. After installing the
updated packages, the krb5kdc and kadmind daemons will be restarted
automatically. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: krb5 security, bug fix and enhancement update
Advisory ID: RHSA-2015:0439-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0439.html
Issue date: 2015-03-05
CVE Names: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343
CVE-2014-4344 CVE-2014-4345 CVE-2014-5352
CVE-2014-5353 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423
=====================================================================
1. Summary:
Updated krb5 packages that fix multiple security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. (CVE-2014-4345)
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5
library processed valid context deletion tokens. An attacker able to make
an application using the GSS-API library (libgssapi) call the
gss_process_context_token() function could use this flaw to crash that
application. (CVE-2014-5352)
If kadmind were used with an LDAP back end for the KDC database, a remote,
authenticated attacker with the permissions to set the password policy
could crash kadmind by attempting to use a named ticket policy object as a
password policy for a principal. (CVE-2014-5353)
A double-free flaw was found in the way MIT Kerberos handled invalid
External Data Representation (XDR) data. An authenticated user could use
this flaw to crash the MIT Kerberos administration server (kadmind), or
other applications using Kerberos libraries, using specially crafted XDR
packets. (CVE-2014-9421)
It was found that the MIT Kerberos administration server (kadmind)
incorrectly accepted certain authentication requests for two-component
server principal names. A remote attacker able to acquire a key with a
particularly named principal (such as "kad/x") could use this flaw to
impersonate any user to kadmind, and perform administrative actions as that
user. (CVE-2014-9422)
An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS
implementation (libgssrpc) handled certain requests. An attacker could send
a specially crafted request to an application using libgssrpc to disclose a
limited portion of uninitialized memory used by that application.
(CVE-2014-9423)
Two buffer over-read flaws were found in the way MIT Kerberos handled
certain requests. A remote, unauthenticated attacker able to inject packets
into a client or server application's GSSAPI session could use either of
these flaws to crash the application. An
attacker able to spoof packets to appear as though they are from an GSSAPI
acceptor could use this flaw to crash a client application that uses MIT
Kerberos. (CVE-2014-4343)
Red Hat would like to thank the MIT Kerberos project for reporting the
CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT
Kerberos project acknowledges Nico Williams for helping with the analysis
of CVE-2014-5352.
The krb5 packages have been upgraded to upstream version 1.12, which
provides a number of bug fixes and enhancements, including:
* Added plug-in interfaces for principal-to-username mapping and verifying
authorization to user accounts.
* When communicating with a KDC over a connected TCP or HTTPS socket, the
client gives the KDC more time to reply before it transmits the request to
another server. (BZ#1049709, BZ#1127995)
This update also fixes multiple bugs, for example:
* The Kerberos client library did not recognize certain exit statuses that
the resolver libraries could return when looking up the addresses of
servers configured in the /etc/krb5.conf file or locating Kerberos servers
using DNS service location. The library could treat non-fatal return codes
as fatal errors. Now, the library interprets the specific return codes
correctly. (BZ#1084068, BZ#1109102)
In addition, this update adds various enhancements. Among others:
* Added support for contacting KDCs and kpasswd servers through HTTPS
proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
4. Solution:
All krb5 users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1084068 - ipv6 address handling in krb5.conf
1102837 - Please backport improved GSSAPI mech configuration
1109102 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly
1109919 - Backport https support into libkrb5
1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext
1118347 - ksu non-functional, gets invalid argument copying cred cache
1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens
1121789 - CVE-2014-4343: use-after-free crash in SPNEGO
1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators
1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens
1127995 - aggressive kinit timeout causes AS_REQ resent and subsequent OTP auth failure
1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
1166012 - libkadmclnt SONAME change (8 to 9) in krb5 1.12 update
1174543 - CVE-2014-5353 krb5: NULL pointer dereference when using a ticket policy name as a password policy name
1179856 - CVE-2014-5352 krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)
1179857 - CVE-2014-9421 krb5: kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)
1179861 - CVE-2014-9422 krb5: kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)
1179863 - CVE-2014-9423 krb5: libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)
1184629 - kinit loops on principals on unknown error
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
krb5-1.12.2-14.el7.src.rpm
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-libs-1.12.2-14.el7.i686.rpm
krb5-libs-1.12.2-14.el7.x86_64.rpm
krb5-pkinit-1.12.2-14.el7.x86_64.rpm
krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-devel-1.12.2-14.el7.i686.rpm
krb5-devel-1.12.2-14.el7.x86_64.rpm
krb5-server-1.12.2-14.el7.x86_64.rpm
krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
krb5-1.12.2-14.el7.src.rpm
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-libs-1.12.2-14.el7.i686.rpm
krb5-libs-1.12.2-14.el7.x86_64.rpm
krb5-pkinit-1.12.2-14.el7.x86_64.rpm
krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-devel-1.12.2-14.el7.i686.rpm
krb5-devel-1.12.2-14.el7.x86_64.rpm
krb5-server-1.12.2-14.el7.x86_64.rpm
krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
krb5-1.12.2-14.el7.src.rpm
ppc64:
krb5-debuginfo-1.12.2-14.el7.ppc.rpm
krb5-debuginfo-1.12.2-14.el7.ppc64.rpm
krb5-devel-1.12.2-14.el7.ppc.rpm
krb5-devel-1.12.2-14.el7.ppc64.rpm
krb5-libs-1.12.2-14.el7.ppc.rpm
krb5-libs-1.12.2-14.el7.ppc64.rpm
krb5-pkinit-1.12.2-14.el7.ppc64.rpm
krb5-server-1.12.2-14.el7.ppc64.rpm
krb5-server-ldap-1.12.2-14.el7.ppc64.rpm
krb5-workstation-1.12.2-14.el7.ppc64.rpm
s390x:
krb5-debuginfo-1.12.2-14.el7.s390.rpm
krb5-debuginfo-1.12.2-14.el7.s390x.rpm
krb5-devel-1.12.2-14.el7.s390.rpm
krb5-devel-1.12.2-14.el7.s390x.rpm
krb5-libs-1.12.2-14.el7.s390.rpm
krb5-libs-1.12.2-14.el7.s390x.rpm
krb5-pkinit-1.12.2-14.el7.s390x.rpm
krb5-server-1.12.2-14.el7.s390x.rpm
krb5-server-ldap-1.12.2-14.el7.s390x.rpm
krb5-workstation-1.12.2-14.el7.s390x.rpm
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-devel-1.12.2-14.el7.i686.rpm
krb5-devel-1.12.2-14.el7.x86_64.rpm
krb5-libs-1.12.2-14.el7.i686.rpm
krb5-libs-1.12.2-14.el7.x86_64.rpm
krb5-pkinit-1.12.2-14.el7.x86_64.rpm
krb5-server-1.12.2-14.el7.x86_64.rpm
krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
krb5-workstation-1.12.2-14.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
krb5-1.12.2-14.el7.src.rpm
x86_64:
krb5-debuginfo-1.12.2-14.el7.i686.rpm
krb5-debuginfo-1.12.2-14.el7.x86_64.rpm
krb5-devel-1.12.2-14.el7.i686.rpm
krb5-devel-1.12.2-14.el7.x86_64.rpm
krb5-libs-1.12.2-14.el7.i686.rpm
krb5-libs-1.12.2-14.el7.x86_64.rpm
krb5-pkinit-1.12.2-14.el7.x86_64.rpm
krb5-server-1.12.2-14.el7.x86_64.rpm
krb5-server-ldap-1.12.2-14.el7.x86_64.rpm
krb5-workstation-1.12.2-14.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-4341
https://access.redhat.com/security/cve/CVE-2014-4342
https://access.redhat.com/security/cve/CVE-2014-4343
https://access.redhat.com/security/cve/CVE-2014-4344
https://access.redhat.com/security/cve/CVE-2014-4345
https://access.redhat.com/security/cve/CVE-2014-5352
https://access.redhat.com/security/cve/CVE-2014-5353
https://access.redhat.com/security/cve/CVE-2014-9421
https://access.redhat.com/security/cve/CVE-2014-9422
https://access.redhat.com/security/cve/CVE-2014-9423
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFU+GoxXlSAg2UNWIIRAtkZAJ9PYyHLsR1t+YWgqw4jb4XTtX8iuACgkxfi
gZD8EL2lSaLXnIQxca8zLTg=
=aK0y
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 6) - i386, x86_64
3.
It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer. (CVE-2014-4343)
These updated krb5 packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes
| VAR-201408-0159 | CVE-2014-3336 | Cisco Unity Connection of Web In the framework SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug ID CSCuq31016. The platform can use voice commands to make calls or listen to messages "hands-free"
| VAR-201411-0417 | CVE-2014-5395 | plural Huawei Product cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. Huawei HiLink is a new and simpler network card that Huawei has introduced. Huawei HiLink E3236 and E3276 are prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Both Huawei HiLink E3276 and E3236 are USB modem products of the Chinese Huawei (Huawei). Cross-site request forgery vulnerabilities exist in several Huawei HiLink products. The following products and versions are affected: Huawei HiLink E3276 and E3236 TCPPU versions prior to V200R002B470D13SP00C00, WebUI versions prior to V100R007B100D03SP01C03, versions prior to E5180s-22 21.270.21.00.00, and versions prior to E586Bs-2 21.322.1089.00.8
| VAR-201408-0417 | No CVE | Sharp Printers Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sharp is a Japanese electrical and electronics company. Sharp Printers is a set of printer software from Sharp Corporation of Japan.
A remote denial of service vulnerability exists in Sharp printers. An attacker could exploit this vulnerability to cause a denial of service, and possibly execute arbitrary code. Due to the nature of this issue, remote code execution is also possible
| VAR-201408-0145 | CVE-2014-0326 | Iridium Pilot and OpenPort contain multiple vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface. Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party Web There is a possibility that hard-coded credentials can be read through the interface. Iridium OpenPort is a marine satellite terminal product. Iridium Pilot and OpenPort built-in accounts have information disclosure vulnerabilities. The device's administrator authentication credentials cannot be changed, allowing attackers to exploit the vulnerability for unauthorized access. Affected devices
| VAR-201408-0034 | CVE-2013-7180 |
Cobham SATCOM products' web interface contains a weak password recovery vulnerability
Related entries in the VARIoT exploits database: VAR-E-201408-0283 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. Cobham Multiple product web interfaces are vulnerable to a password recovery mechanism. Cobham Multiple product web interfaces have a password reset mechanism. It ’s easy to analyze this mechanism, and the administrator account password can be altered ( CWE-640 ). CWE-640: Weak Password Recovery Mechanism for Forgotten Password http://cwe.mitre.org/data/definitions/640.htmlA remote attacker who accesses the web interface may reset the administrator password and operate the product. Cobham SATCOM is a satellite communications company. Multiple Cobham products are prone to an information-disclosure vulnerability.
An attacker can leverage this issue to obtain sensitive information that may lead to further attacks
| VAR-201408-0270 | CVE-2014-2941 | Cobham Sailor 6000 series satellite terminal contain hardcoded credentials |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials. ** Unsettled ** This case has not been confirmed as a vulnerability. Tbus 2 Protocol is the protocol used for device maintenance. The vulnerability is VU#460687 It is a different problem. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, the vendor says that “There is no possibility of misusing other users' certificates”.Any by a third party Tbus 2 Commands may be sent and the system may be operated. The Cobham Sailor 6000 Series has a security bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device
| VAR-201408-0147 | CVE-2014-0328 | Cobham thraneLINK improper verification of firmware updates vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. Cobham thraneLINK There is a vulnerability in the firmware update function of the device. Cobham of thraneLINK The protocol does not verify the digital signature of the firmware update ( CWE-347 ). Also connected to the network thraneLINK The device SLPFindSrvs You can enumerate by protocol. As a result, crafted SNMP Prepared by a third party upon request TFTP server May download unauthorized firmware updates from. CWE-347: Improper Verification of Cryptographic Signature http://cwe.mitre.org/data/definitions/347.htmlBy a remote third party, thraneLINK A malicious firmware image may be deployed on the device and execute arbitrary code. Cobham thraneLINK is a communication protocol used by the Cobham Company in the United Kingdom for satellite communication systems. It supports SAILOR devices in connected networks and provides remote diagnostics. Cobham thraneLINK has a remote code execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions
| VAR-201409-0076 | CVE-2014-4752 |
plural IBM Vulnerability to obtain access rights in products
Related entries in the VARIoT exploits database: VAR-E-201408-0093 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. IBM System Networking , Flex System Interconnect Fabric And other IBM Since the product has hard-coded authentication information, there is a vulnerability that can gain access. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party.
An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the affected device. This may aid in further attacks. The following products and versions are affected: IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, G8264-T switches versions prior to 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, G8264CS switches 7.8
| VAR-201408-0277 | CVE-2014-2940 | Cobham Sailor Satellite Terminals Security Bypass Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.htmlA remote attacker could control the device. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device.
Cobham Sailor firmware version 1.08 MFHF / 2.11 VHF is vulnerable; other versions are also affected
| VAR-201409-0449 | CVE-2014-2942 | Cobham Aviator satellite terminals contain multiple vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Cobham Aviator 700D and 700E are prone to a local information-disclosure vulnerability.
An attacker with local access can exploit this issue to obtain sensitive information that may lead to further attacks
| VAR-201408-0272 | CVE-2014-2964 | Cobham Aviator satellite terminals contain multiple vulnerabilities |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. This may aid in further attacks
| VAR-201408-0146 | CVE-2014-0327 | Iridium Pilot and OpenPort contain multiple vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Iridium Pilot and OpenPort are products of Iridium Corporation of the United States. Iridium Pilot is a next-generation communication terminal product that is used at sea and provides mobile voice and data communication network services. Iridium OpenPort is a marine satellite terminal product. There are authentication bypass vulnerabilities in Iridium Pilot and OpenPort. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
| VAR-201412-0610 | CVE-2014-3556 | nginx of SMTP proxy of mail/ngx_mail_smtp_handler.c of STARTTLS Encrypted in implementation SMTP Command injection vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. This vulnerability CVE-2011-0411 It is a similar problem. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. nginx is prone to a remote command-injection vulnerability.
Attackers can exploit this issue to inject commands into SSL sessions and disclose sensitive information.
Versions prior to nginx 1.6.1 and 1.7.4 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. The vulnerability stems from the fact that the program does not properly limit I/O buffering. The following versions are affected: nginx version 1.5.x, version 1.6.0, version 1.6.1, version 1.7.0 to version 1.7.3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567
Version: 1
HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information,
Denial of Service (DoS) and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-01-10
Last Updated: 2015-01-10
- -----------------------------------------------------------------------------
Potential Security Impact: Remote disclosure of information, Denial of
Service (DoS) and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP SSL for
OpenVMS. These vulnerabilities could be remotely exploited to create a remote
disclosure of information, Denial of Service, and other vulnerabilities.
References:
CVE-2014-3556 - cryptographic issues (CWE-310)
CVE-2014-3567 - remote Denial of Service (DoS) (CWE-20, CWE-399)
CVE-2014-3568 - cryptographic issues (CWE-310)
SSRT101779
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SSL for OpenVMS - All versions prior to Version 1.4-495
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP SSL Version 1.4-495 for OpenVMS is based on Open Source OpenSSL version
0.9.8zc and includes the latest security updates from OpenSSL.org.
HP has made the following patch kit available to resolve the vulnerabilities.
The HP SSL Version 1.4-495 for OpenVMS is available from the following
locations:
OpenVMS HP SSL website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
The HP SSL Version 1.4-495 for OpenVMS kits for both Integrity and Alpha
platforms have been uploaded to HP Support Center website. Customers can
access the kits from Patch Management page.
Go to https://h20566.www2.hp.com/portal/site/hpsc/patch/home/
Login using your HP Passport account
Search for the Patch Kit Name from the table below
HP SSL Version OpenVMS
Platform
Patch Kit Name
V1.4-495
Alpha
OpenVMS V8.3, V8.4
HP-AXPVMS-SSL-V0104
V1.4-495
ITANIUM
OpenVMS V8.3, V8.3-1H1, V8.4
HP-I64VMS-SSL-V0104
HISTORY
Version:1 (rev.1) - 10 December 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlSwdq4ACgkQ4B86/C0qfVmlZgCg825/1F8UumLLhYt0pKaqeN5n
Fj0AoJvSKKRxuu+/ayOhqr97QoDWGTSX
=ZBgU
-----END PGP SIGNATURE-----
| VAR-201408-0153 | CVE-2014-3327 | Cisco IOS and IOS XE of EnergyWise Service disruption in modules (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches.
This issue is being tracked by Cisco Bug ID CSCup52101. https://tools.cisco.com/bugsearch/bug/CSCup52101
| VAR-201408-0156 | CVE-2014-3332 | Cisco Unified Communications Manager Vulnerabilities in establishing undetected simultaneous logins |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029. Vendors have confirmed this vulnerability Bug ID CSCup98029 It is released as.Remotely authenticated users can establish undetected simultaneous logins.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
This issue is being tracked by Cisco Bug ID CSCup98029. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker could exploit this vulnerability to log in as an authorized user
| VAR-201408-0157 | CVE-2014-3333 | Cisco Unity Connection Vulnerability in Privileged Access Rights Obtained on Servers |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. Cisco Unity Connection The server contains a vulnerability that allows privileged access.
This issue is being tracked by Cisco Bug ID CSCup41014. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free"
| VAR-201408-0212 | CVE-2014-5139 | OpenSSL Client null pointer reference vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. OpenSSL Clients A null pointer reference vulnerability exists. CWE-476: NULL Pointer Dereference https://cwe.mitre.org/data/definitions/476.htmlClient terminated abnormally, resulting in service disruption (DoS) There is a possibility of being attacked. OpenSSL is prone to a local denial-of-service vulnerability.
An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
OpenSSL 1.0.1 prior to 1.0.1i are vulnerable.
References:
CVE-2014-0224 Remote Unauthorized Access, Disclosure of Information
CVE-2014-3509 Remote Denial of Service (DoS)
CVE-2014-3511 Remote Unauthorized Access, Disclosure of Information
CVE-2014-5139 Remote Denial of Service (DoS)
SSRT101818
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Note: For versions not listed, please contact support:
Note: ServiceCenter 6.2 is impacted only if using the Directory Services
integration feature with the SC LDAP over SSL (LDAPS) protocol. If this
feature is in use, HP recommends that ServiceCenter 6.2 customers upgrade to
Service Manager 7.11, 9.21, or 9.34, and then apply the patches listed below.
Patch Version
Package Name / SSO URL
SM711P22
AIX Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00614
HP Itanium Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00615
HP parisc Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00616
Linux x86 Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00617
Solaris Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00618
Windows Server 7.11.720 p22
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00619
SM921P9
AIX server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00621
HPUX/IA server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00622
HPUX/PA server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00623
Linux server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00624
Solaris server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00625
Windows server 9.21.706 P9
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00626
SM934P2
AIX Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00605
HP Itanium Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00606
Linux Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00607
Solaris Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00608
Windows Server 9.34.2003 p2
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/LID/HPSM_00609
HISTORY
Version:1 (rev.1) - 22 January 2015 Initial release
Version:2 (rev.2) - 23 January 2015 added note for versions not listed in
table. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-14:18.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2014-09-09
Affects: All supported versions of FreeBSD.
Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE)
2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8)
2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE)
2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1)
2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11)
2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18)
2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE)
2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15)
CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510,
CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL
to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak
memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_ex et al. to leak some information from
the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
a denial of service attack. [CVE-2014-3510]
The following problems affect FreeBSD 10.0-RELEASE and later:
If a multithreaded client connects to a malicious server using a resumed
session and the server sends an ec point format extension it could write
up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
TLS 1.0 instead of higher protocol versions when the ClientHello message
is badly fragmented. [CVE-2014-5139]
III. Impact
A remote attacker may be able to cause a denial of service (application
crash, large memory consumption), obtain additional information,
cause protocol downgrade. Additionally, a remote attacker may be able
to run arbitrary code on a vulnerable system if the application has been
set up for SRP.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.0]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc
[FreeBSD 9.3]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
[FreeBSD 9.2, 9.1, 8.4]
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch
# fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc
# gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r269687
releng/8.4/ r271305
stable/9/ r269687
releng/9.1/ r271305
releng/9.2/ r271305
releng/9.3/ r271305
stable/10/ r269686
releng/10.0/ r271304
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: OpenSSL: Multiple vulnerabilities
Date: December 26, 2014
Bugs: #494816, #519264, #525468
ID: 201412-39
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSL, the worst of which
could result in Denial of Service or Man-in-the-Middle attacks.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2
>= 1.0.1j
Description
===========
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the CVE identifiers referenced below for details.
Resolution
==========
All OpenSSL 1.0.1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j"
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.
References
==========
[ 1 ] CVE-2013-6449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449
[ 2 ] CVE-2013-6450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450
[ 3 ] CVE-2014-3505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505
[ 4 ] CVE-2014-3506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506
[ 5 ] CVE-2014-3507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507
[ 6 ] CVE-2014-3509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509
[ 7 ] CVE-2014-3510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510
[ 8 ] CVE-2014-3511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511
[ 9 ] CVE-2014-3512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512
[ 10 ] CVE-2014-3513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513
[ 11 ] CVE-2014-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567
[ 12 ] CVE-2014-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568
[ 13 ] CVE-2014-5139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-39.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
References:
CVE-2014-3566
CVE-2014-5139
SSRT101916
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Contact vcemsdksupportteam@hp.com to request the HP Virtual Connect
Enterprise Manager SDK v7.4.1 or later.
The HP Matrix Operating Environment v7.2.3 Update kit applicable to HP Matrix
Operating Environment v7.2.x installations is available at the following
location:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=HPID
NOTE: Please read the readme.txt file before proceeding with the
installation. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04624296
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04624296
Version: 1
HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and
Windows, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-04-01
Last Updated: 2015-04-01
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version
Control Agent (VCA) which are components of HP Insight Control server
deployment. These vulnerabilities are related to the SSLv3 vulnerability
known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE". The
components of HP Insight Control server deployment could be exploited
remotely to allow disclosure of information.
HP Insight Control server deployment includes HP System Management Homepage
(SMH), HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and
deploys them through the following jobs. This bulletin provides the
information needed to update the vulnerable components in HP Insight Control
server deployment.
Install HP Management Agents for Windows x86/x64
Install HP Management Agents for RHEL 5 x64
Install HP Management Agents for RHEL 6 x64
Install HP Management Agents for SLES 10 x64
Install HP Management Agents for SLES 11 x64
Upgrade Proliant Firmware
References:
CVE-2014-3508
CVE-2014-3509
CVE-2014-3511
CVE-2014-3513
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
CVE-2014-5139
SSRT102004
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2014-3513 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2014-3567 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2014-3568 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following instructions to resolve this vulnerability.
Note: For HP Insight deployment Control server v7.1.2, v7.2.0, v7.2.1 and
v7.2.2, you must upgrade to v7.3.1 and follow the steps from 1 to 11
mentioned below to resolve the vulnerability.
Delete the files smh*.exe from Component Copy Location listed in the
following table, rows 1 and 2.
Delete the files vca*.exe/vcaamd64-*.exe from Component Copy Location listed
in the following table, rows 3 and 4.
Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5.
In sequence, perform the steps from left to right in the following table.
First, download components from Download Link; Second, rename the component
as suggested in Rename to. Third, copy the component to the location
specified in Component Copy Location.
Table Row Number
Download Link
Rename to
Component Copy Location
1
http://www.hp.com/swpublishing/MTX-bd2042a1c7574aad90c4839efe
smhamd64-cp023964.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
2
http://www.hp.com/swpublishing/MTX-062078f1ae354b7e99c86c151c
smhx86-cp023963.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
3
http://www.hp.com/swpublishing/MTX-7b23e47d5d9b420b94bd1323eb
vcax86 cp025295.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
4
http://www.hp.com/swpublishing/MTX-2557aa7dc1654cf6b547c1a9e4
vcaamd64-cp025296.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
5
http://www.hp.com/swpublishing/MTX-5827037475e44abab586463723
Do not rename the downloaded component for this step.
\\express\hpfeatures\hpagents-sles11-x64\components
\\express\hpfeatures\hpagents-sles10-x64\components
\\express\hpfeatures\hpagents-rhel5-x64\components
\\express\hpfeatures\hpagents-rhel6-x64\components
6
http://www.hp.com/swpublishing/MTX-57ab6bb78b6e47a18718f44133
Do not rename the downloaded component for this step.
\\express\hpfeatures\hpagents-sles11-x64\components
\\express\hpfeatures\hpagents-sles10-x64\components
\\express\hpfeatures\hpagents-rhel5-x64\components
\\express\hpfeatures\hpagents-rhel6-x64\components
7
http://www.hp.com/swpublishing/MTX-34bcab41ac7e4db299e3f5f2f1
smhx86-cp025274.exe
\\express\hpfeatures\hpagents-ws\components\Win2003
8
http://www.hp.com/swpublishing/MTX-00eb9ac82e86449e8c3ba101bd
smhamd64-cp025275.exe
\\express\hpfeatures\hpagents-ws\components\Win2003
Download and extract the HP SUM component from
ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p991570621/v99346
Copy all content from extracted folder and paste at
\\eXpress\hpfeatures\fw-proLiant\components
Initiate Install HP Management Agents for SLES 11 x64 on the target running
SLES11 x64.
Initiate Install HP Management Agents for SLES 10 x64 on the target running
SLES10 x64.
Initiate Install HP Management Agents for RHEL 6 x64 on the target running
RHEL 6 x64.
Initiate Install HP Management Agents for RHEL 5 x64 on the target running
RHEL 5 x64.
Initiate Install HP Management Agents for Windows x86/x64 job on the target
running Windows.
HISTORY
Version:1 (rev.1) - 1 April 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlUb+3EACgkQ4B86/C0qfVnD1wCg+LtrJpQcATsjJ308tHP49nog
0sgAoJ5L9/aT7iAxhlnZdRatqjBoIFxb
=pzE4
-----END PGP SIGNATURE-----