VARIoT IoT vulnerabilities database
| VAR-201405-0478 | CVE-2014-2133 | Cisco Advanced Recording Format Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file that triggers improper LZW decompression, aka Bug ID CSCuj87565. Cisco Advanced Recording Format (ARF) Player Contains a buffer overflow vulnerability.
An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user.
This issue is being tracked by Cisco Bug ID CSCuj87565
| VAR-201405-0479 | CVE-2014-2134 | Cisco WebEx Recording Format Player Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio channel in a .wrf file, aka Bug ID CSCuc39458. Cisco WebEx Recording Format (WRF) Player Contains a heap-based buffer overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
| VAR-201405-0480 | CVE-2014-2135 | Cisco Advanced Recording Format Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603.
An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user.
This issue is being tracked by Cisco Bug IDs CSCul87216, CSCuj07603
| VAR-201405-0481 | CVE-2014-2136 | Cisco Advanced Recording Format Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.
An attacker could exploit this issue to crash the affected player causing denial-of-service conditions or execute arbitrary code in context of the user.
This issue is being tracked by Cisco Bug IDs CSCui72223, CSCul01163, CSCul0116
| VAR-201407-0070 | CVE-2014-1348 | Apple iOS Vulnerability in obtaining important information in email |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition. Apple iOS is prone to multiple vulnerabilities.
The update addresses new vulnerabilities that affect CoreGraphics, Lockdown, Lock Screen, Mail, Safari, Settings, and Siri.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, gain unauthorized access, obtain sensitive information, bypass security restrictions, and perform other attacks.
These issues affect iOS Prior to 7.1.2. Information obtained may aid in further attacks. When used at the lock screen,
Siri did not require the passcode before viewing the complete contact
list. A maliciously crafted URL could have led to
sending an incorrect postMessage origin. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-09-17-1 iOS 8
iOS 8 is now available and addresses the following:
802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods. This issue was addressed by disabling LEAP by
default.
CVE-ID
CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim
Lamotte of Universiteit Hasselt
Accounts
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to identify the Apple ID
of the user
Description: An issue existed in the access control logic for
accounts. A sandboxed application could get information about the
currently-active iCloud account, including the name of the account.
This issue was addressed by restricting access to certain account
types from unauthorized applications.
CVE-ID
CVE-2014-4423 : Adam Weaver
Certificate Trust Policy
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
http://support.apple.com/kb/HT5012.
Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may not lock the screen when using AssistiveTouch
Description: A logic issue existed in AssistiveTouch's handling of
events, which resulted in the screen not locking. This issue was
addressed through improved handling of the lock timer.
CVE-ID
CVE-2014-4368 : Hendrik Bettermann
Accounts Framework
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with access to an iOS device may access
sensitive user information from logs
Description: Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-4357 : Heli Myllykoski of OP-Pohjola Group
Address Book
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may read the
address book
Description: The address book was encrypted with a key protected
only by the hardware UID. This issue was addressed by encrypting the
address book with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2014-4352 : Jonathan Zdziarski
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A race condition existed in App Installation. An
attacker with the capability of writing to /tmp may have been able to
install an unverified app. This issue was addressed by staging files
for installation in another directory.
CVE-ID
CVE-2014-4386 : evad3rs
App Installation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local attacker may be able to escalate privileges and
install unverified applications
Description: A path traversal issue existed in App Installation. A
local attacker could have retargeted code signature validation to a
bundle different from the one being installed and cause installation
of an unverified app. This issue was addressed by detecting and
preventing path traversal when determining which code signature to
verify.
CVE-ID
CVE-2014-4384 : evad3rs
Assets
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to cause an iOS device to think that it is up to date even when it is
not
Description: A validation issue existed in the handling of update
check responses. Spoofed dates from Last-Modified response headers
set to future dates were used for If-Modified-Since checks in
subsequent update requests. This issue was addressed by validation of
the Last-Modified header.
CVE-ID
CVE-2014-4383 : Raul Siles of DinoSec
Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Bluetooth is unexpectedly enabled by default after upgrading
iOS
Description: Bluetooth was enabled automatically after upgrading
iOS. This was addressed by only turning on Bluetooth for major or
minor version updates.
CVE-ID
CVE-2014-4354 : Maneet Singh, Sean Bluestein
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
CoreGraphics
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program
Data Detectors
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Tapping on a FaceTime link in Mail would trigger a FaceTime
audio call without prompting
Description: Mail did not consult the user before launching
facetime-audio:// URLs. This issue was addressed with the addition of
a confirmation prompt.
CVE-ID
CVE-2013-6835 : Guillaume Ross
Foundation
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application using NSXMLParser may be misused to disclose
information
Description: An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Home & Lock Screen
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A background app can determine which app is frontmost
Description: The private API for determining the frontmost app did
not have sufficient access control. This issue was addressed through
additional access control.
CVE-ID
CVE-2014-4361 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
iMessage
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Attachments may persist after the parent iMessage or MMS is
deleted
Description: A race condition existed in how attachments were
deleted. This issue was addressed by conducting additional checks on
whether an attachment has been deleted.
CVE-ID
CVE-2014-4353 : Silviu Schiau
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may cause an unexpected system termination
Description: A null pointer dereference existed in the handling of
IOAcceleratorFamily API arguments. This issue was addressed through
improved validation of IOAcceleratorFamily API arguments.
CVE-ID
CVE-2014-4369 : Catherine aka winocm
IOAcceleratorFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The device may unexpectedly restart
Description: A NULL pointer dereference was present in the
IntelAccelerator driver. The issue was addressed by improved error
handling.
CVE-ID
CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read kernel pointers,
which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
kernel extension. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to read uninitialized
data from kernel memory
Description: An uninitialized memory access issue existed in the
handling of IOKit functions. This issue was addressed through
improved memory initialization
CVE-ID
CVE-2014-4407 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4418 : Ian Beer of Google Project Zero
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-4388 : @PanguTeam
IOKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with a privileged network position may cause a
denial of service
Description: A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: A double free issue existed in the handling of Mach
ports. This issue was addressed through improved validation of Mach
ports.
CVE-ID
CVE-2014-4375 : an anonymous researcher
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description: An out-of-bounds read issue existed in rt_setgate. This
may lead to memory disclosure or memory corruption. This issue was
addressed through improved bounds checking.
CVE-ID
CVE-2014-4408
Kernel
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Some kernel hardening measures may be bypassed
Description: The random number generator used for kernel hardening
measures early in the boot process was not cryptographically secure.
Some of its output was inferable from user space, allowing bypass of
the hardening measures. This issue was addressed by using a
cryptographically secure algorithm.
CVE-ID
CVE-2014-4422 : Tarjei Mandt of Azimuth Security
Libnotify
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with root privileges
Description: An out-of-bounds write issue existed in Libnotify. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4381 : Ian Beer of Google Project Zero
Lockdown
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device can be manipulated into incorrectly presenting the
home screen when the device is activation locked
Description: An issue existed with unlocking behavior that caused a
device to proceed to the home screen even if it should still be in an
activation locked state. This was addressed by changing the
information a device verifies during an unlock request.
CVE-ID
CVE-2014-1360
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Login credentials can be sent in plaintext even if the
server has advertised the LOGINDISABLED IMAP capability
Description: Mail sent the LOGIN command to servers even if they had
advertised the LOGINDISABLED IMAP capability. This issue is mostly a
concern when connecting to servers that are configured to accept non-
encrypted connections and that advertise LOGINDISABLED. This issue
was addressed by respecting the LOGINDISABLED IMAP capability.
CVE-ID
CVE-2014-4366 : Mark Crispin
Mail
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to an iOS device may
potentially read email attachments
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2014-1348 : Andreas Kurtz of NESO Security Labs
Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Voice Dial is unexpectedly enabled after upgrading iOS
Description: Voice Dial was enabled automatically after upgrading
iOS. This issue was addressed through improved state management.
CVE-ID
CVE-2014-4367 : Sven Heinemann
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: User credentials may be disclosed to an unintended site via
autofill
Description: Safari may have autofilled user names and passwords
into a subframe from a different domain than the main frame. This
issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5227 : Niklas Malmgren of Klarna AB
Safari
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University
Sandbox Profiles
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apple ID information is accessible by third-party apps
Description: An information disclosure issue existed in the third-
party app sandbox. This issue was addressed by improving the third-
party sandbox profile.
CVE-ID
CVE-2014-4362 : Andreas Kurtz of NESO Security Labs and Markus
TroBbach of Heilbronn University
Settings
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Text message previews may appear at the lock screen even
when this feature is disabled
Description: An issue existed in the previewing of text message
notifications at the lock screen. As a result, the contents of
received messages would be shown at the lock screen even when
previews were disabled in Settings. The issue was addressed through
improved observance of this setting.
CVE-ID
CVE-2014-4356 : Mattia Schirinzi from San Pietro Vernotico (BR),
Italy
syslog
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user may be able to change permissions on arbitrary
files
Description: syslogd followed symbolic links while changing
permissions on files. This issue was addressed through improved
handling of symbolic links.
CVE-ID
CVE-2014-4372 : Tielei Wang and YeongJin Jang of Georgia Tech
Information Security Center (GTISC)
Weather
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Location information was sent unencrypted
Description: An information disclosure issue existed in an API used
to determine local weather. This issue was addressed by changing
APIs.
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious website may be able to track users even when
private browsing is enabled
Description: A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.)
WebKit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-1384 : Apple
CVE-2014-1385 : Apple
CVE-2014-1387 : Google Chrome Security Team
CVE-2014-1388 : Apple
CVE-2014-1389 : Apple
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple
WiFi
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: An information disclosure existed because a stable MAC
address was being used to scan for WiFi networks. This issue was
addressed by randomizing the MAC address for passive WiFi scans.
Note:
iOS 8 contains changes to some diagnostic capabilities.
For details, please consult http://support.apple.com/kb/HT6331
iOS 8 now permits devices to untrust all previously trusted
computers. Instructions can be found at
http://support.apple.com/kb/HT5868
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGNl6AAoJEBcWfLTuOo7tD0oP/2QjJQxEaVKH5GhKX7HTLB9e
W2oU7kHqds6p9HQg3iw9SXs/c03EH2++Tf5+Kul8V94QZB2jD4T28MUctAjrvSX7
rHRTPFJn8dm6Dr/zReon3q6ph8PlnDGySJLON/RwrSwHpWcd8wA4uCC6gTPur3T9
tNfPrkT+b4iO4QsSLQaK6bJqTFmWruqEFwdXmtOY8qYOsEANMr9HPdm9WwEcdQaZ
tZZpa1FU4jIdfHZw18a3rzQ1LW4OO9fWbihKRgY8xq+Q8+Cs/EnY9hCIN0jl0OHm
TMvKojeO4CCBAKpwUQOVERkI4Oc7Ux6GefT84ttYu095KzmZVjq9yWmi0FcBAVMV
s32YL/alCNm86uNvxvkAvWJ3ZeZymuoTZHoNX5YNGIhuunRZONK94ay1RtYMdWPl
iesWma7tn9g/xMWRaDKfRy2vtUuetBVxiaAr3AqvMp+mx0lmmLOO8x1SxeKe+QUy
HO1O1DVAWPv2JIEf7mstDBHfQKYBRcgM3P4DJAgkrgH42ZNWb06ZyQhpAvFLVncD
g2/Q0cwUlPOvdNKxoUD3IVVwPZeIefw3vqrSHXSQPpIMkJJFrBbIB8v6nnkheebg
h5bPWfIxP0wuBjWz8SjOlPaSjxNxpmHK3H0tLU1q6TneBlmte405ytT4zSI7bvOY
ZZCDpw0BRMEXUyXqTns7
=hlmW
-----END PGP SIGNATURE-----
| VAR-201405-0466 | CVE-2014-2181 | Cisco Adaptive Security Appliance Software read vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software allows remote authenticated users to read files by sending a crafted URL to the HTTP server, as demonstrated by reading the running configuration, aka Bug ID CSCun78551.
An attacker can exploit exploit this issue to gain access to files stored on the device file system, which may lead to further attacks.
This issue is tracked by Cisco BugId CSCun78551
| VAR-201405-0467 | CVE-2014-2190 | Telco and Wireless for Cisco Broadcast Access Center of Web Cross-site request forgery vulnerability in framework |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389. Vendors have confirmed this vulnerability Bug IDs CSCuo23804 and CSCuo26389 It is released as.A third party is hijacking the authentication of any user, BAC-TW Is subject to change. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuo23804 and CSCuo26389. A remote attacker could exploit this vulnerability to modify BAC-TW
| VAR-201405-0468 | CVE-2014-2191 | Telco and Wireless for Cisco Broadcast Access Center of Web Cross-site scripting vulnerability in the framework |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun91113. Vendors have confirmed this vulnerability CSCun91113 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. Cisco Broadband Access Center (BAC) is a decentralized, strippable, signer device hypervisor that implements automated user traffic management through the provision of user services.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCun91113
| VAR-201405-0502 | CVE-2014-0116 | Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation " And the session state may change. Apache Struts is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable
| VAR-201405-0556 | No CVE | ABB UNITROL 1000 Series Commissioning and Maintenance Tool Arbitrary file coverage vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
ABB UNITROL 1000 series commissioning and maintenance tool ActiveX control is a set of tools for system debugging and maintenance of UNITROL 1000 series equipment by Swiss ABB company.
An arbitrary file coverage vulnerability exists in the ABB UNITROL 1000 series commissioning and maintenance tool ActiveX control. An attacker could use this vulnerability to overwrite arbitrary files in the context of a Web page using the control
| VAR-201405-0170 | CVE-2014-0684 | Cisco Nexus 7000 Runs on the switch Cisco NX-OS Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. Cisco Nexus 7000 Runs on the switch Cisco NX-OS There is a service disruption (DoS) There are vulnerabilities that are put into a state.
Successfully exploiting this issue allows attackers to cause denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCui56136
| VAR-201405-0171 | CVE-2014-0685 | VMware for Cisco Nexus 1000V InterCloud In ACL Vulnerability that avoids rejection statements |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. The Cisco NX-OS Nexus 1000V has security vulnerabilities. Because the access control list lacks support for IGMPv2 and IGMPv3, remote attackers can send IGMPv2 and IGMPv3 communications to bypass the 'deny' statement in the access control list.
An attacker can exploit these issues to bypass certain security restrictions. This may aid in further attacks.
These issues are being tracked by Cisco BugID CSCug61691. The software provides Cisco Catalyst switch functions such as QoS, ACL and SPAN in a VMware virtualized environment
| VAR-201405-0649 | No CVE | NETGEAR DGN1000 undocumented scfgmgr service vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The NETGEAR DGN1000 is a wireless router device. The NETGEAR DGN1000 has a design problem with the scfgmgr service when processing inbound requests, allowing attackers to submit specially crafted requests and perform various operations such as getting configuration files and executing arbitrary shell commands.
| VAR-201405-0629 | No CVE | NETGEAR DGN2200 ADSL Router Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The NETGEAR DGN2200 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. NETGEAR DGN2200 is a wireless router product from NETGEAR.
The NETGEAR DGN2200 router has a cross-site request forgery vulnerability. A remote attacker could use this vulnerability to perform unauthorized operations. There are vulnerabilities in the NETGEAR DGN2200 router running firmware 1.0.0.29_1.7.29, other versions may also be affected. This may lead to further attacks
| VAR-201405-0244 | CVE-2014-0198 | OpenSSL ‘ do_ssl3_write ‘Function buffer error vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. OpenSSL is prone to denial-of-service vulnerability.
An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions.
Corrected: 2014-05-13 23:19:16 UTC (stable/10, 10.0-STABLE)
2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
CVE Name: CVE-2014-0198
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>. Background
FreeBSD includes software from the OpenSSL Project.
The TLS protocol supports an alert protocol which can be used to signal the
other party with certain failures in the protocol context that may require
immediate termination of the connection.
II. Problem Description
An attacker can trigger generation of an SSL alert which could cause a null
pointer deference.
III.
IV.
The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this
mode to reduce their memory footprint and may therefore be affected by this
issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch.asc
# gpg --verify openssl.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r265986
releng/10.0/ r265987
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. ============================================================================
Ubuntu Security Notice USN-2192-1
May 05, 2014
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
OpenSSL could be made to crash if it received specially crafted network
traffic.
(CVE-2010-5298)
It was discovered that OpenSSL incorrectly handled memory in the
do_ssl3_write() function.
(CVE-2014-0198)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.1
Ubuntu 13.10:
libssl1.0.0 1.0.1e-3ubuntu1.3
Ubuntu 12.10:
libssl1.0.0 1.0.1c-3ubuntu2.8
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.13
After a standard system update you need to reboot your computer to make all
the necessary changes.
Release Date: 2014-06-20
Last Updated: 2014-11-20
Potential Security Impact: Remote Denial of Service (DoS), code execution,
unauthorized access, modification of information, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Network
Products running OpenSSL. The vulnerabilities could be exploited remotely to
create a Denial of Service (DoS), execute code, allow unauthorized access,
modify or disclose information.
References:
CVE-2010-5298 (SSRT101561) Remote Denial of Service (DoS) or Modification
of Information
CVE-2014-0198 (SSRT101561) Remote Unauthorized Access
CVE-2014-0224 (SSRT101593) Remote Unauthorized Access or Disclosure of
Information
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.
NOTE:
All products listed are impacted by CVE-2014-0224. This is the vulnerability
known as "Heartbleed".
HP Intelligent Management Center (iMC) is also impacted by CVE-2014-0198 and
CVE-2010-5298.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0
CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
On June 5th 2014, OpenSSL.org issued an advisory with several CVE
vulnerabilities. HP Networking is working to release fixes for these
vulnerabilities that impact the products in the table below. As fixed
software is made available, this security bulletin will be updated to show
the fixed versions. Until the software fixes are available, HP Networking is
providing the following information including possible workarounds to
mitigate the risks of these vulnerabilities.
Description
The most serious issue reported is CVE-2014-0224 and it is the one
discussed here.
Workarounds
HP Networking equipment is typically deployed inside firewalls and access
to management interfaces and other protocols is more tightly controlled than
in public environments.
Following the guidelines in the Hardening Comware-based devices can help
to further reduce man-in-the-middle opportunities:
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=
c03536920
For an HP Networking device acting as an OpenSSL Server, using a patched
OpenSSL client or non-OpenSSL client eliminates the risk.
Protocol Notes
The following details the protocols that use OpenSSL in Comware v5 and
Comware v7:
- Comware V7:
Server:
FIPS/HTTPS/Load Balancing/Session Initiation Protocol
Client:
Load Balancing/OpenFlow/Session Initiation Protocol/State Machine
Based Anti-Spoofing/Dynamic DNS
- Comware V5:
Server:
CAPWAP/EAP/SSLVPN
Client:
Dynamic DNS
Family
Fixed Version
HP Branded Products Impacted
H3C Branded Products Impacted
3Com Branded Products Impacted
12900 Switch Series
12900_7.10.R1109
12900_7.10.R1005P07
JG619A HP FF 12910 Switch AC Chassis
JG621A HP FF 12910 Main Processing Unit
JG632A HP FF 12916 Switch AC Chassis
JG634A HP FF 12916 Main Processing Unit
12500.0
12500_5.20.R1828P04
12500_5.20.R1828P04-US
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JC808A HP 12500 TAA Main Processing Unit
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
12500 (Comware v7)
12500_7.10.R7328P03
JC085A HP A12518 Switch Chassis
JC086A HP A12508 Switch Chassis
JC652A HP 12508 DC Switch Chassis
JC653A HP 12518 DC Switch Chassis
JC654A HP 12504 AC Switch Chassis
JC655A HP 12504 DC Switch Chassis
JF430A HP A12518 Switch Chassis
JF430B HP 12518 Switch Chassis
JF430C HP 12518 AC Switch Chassis
JF431A HP A12508 Switch Chassis
JF431B HP 12508 Switch Chassis
JF431C HP 12508 AC Switch Chassis
JC072B HP 12500 Main Processing Unit
JG497A HP 12500 MPU w/Comware V7 OS
JG782A HP FF 12508E AC Switch Chassis
JG783A HP FF 12508E DC Switch Chassis
JG784A HP FF 12518E AC Switch Chassis
JG785A HP FF 12518E DC Switch Chassis
JG802A HP FF 12500E MPU
H3C S12508 Routing Switch(AC-1) (0235A0GE)
H3C S12518 Routing Switch(AC-1) (0235A0GF)
H3C S12508 Chassis (0235A0E6)
H3C S12508 Chassis (0235A38N)
H3C S12518 Chassis (0235A0E7)
H3C S12518 Chassis (0235A38M)
11900 Switch Series
11900_7.10.R2111P04
JG608A HP FF 11908-V Switch Chassis
JG609A HP FF 11900 Main Processing Unit
10500 Switch Series (Comware v5)
10500_5.20.R1208P09 10500_5.20.R1208P09-US
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC614A HP 10500 Main Processing Unit
JC748A HP 10512 Switch Chassis
JG375A HP 10500 TAA Main Processing Unit
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
10500 Switch Series (Comware v7)
10500_7.10.R2111P04
JC611A HP 10508-V Switch Chassis
JC612A HP 10508 Switch Chassis
JC613A HP 10504 Switch Chassis
JC748A HP 10512 Switch Chassis
JG820A HP 10504 TAA Switch Chassis
JG821A HP 10508 TAA Switch Chassis
JG822A HP 10508-V TAA Switch Chassis
JG823A HP 10512 TAA Switch Chassis
JG496A HP 10500 Type A MPU w/Comware v7 OS
9500E
S9500E_5.20.R1828P04
JC124A HP A9508 Switch Chassis
JC124B HP 9505 Switch Chassis
JC125A HP A9512 Switch Chassis
JC125B HP 9512 Switch Chassis
JC474A HP A9508-V Switch Chassis
JC474B HP 9508-V Switch Chassis
H3C S9505E Routing-Switch Chassis (0235A0G6)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9512E Routing-Switch Chassis (0235A0G7)
H3C S9508E-V Routing-Switch Chassis (0235A38Q)
H3C S9505E Chassis w/ Fans (0235A38P)
H3C S9512E Chassis w/ Fans (0235A38R)
7900.0
7900_7.10.R2118
JG682A HP FlexFabric 7904 Switch Chassis
7500 Switch Series
7500_5.20.R6708P09
7500_5.20.R6708P09-US
JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T
JC697A HP A7502 TAA Main Processing Unit
JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE
JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE
JC700A HP A7500 384 Gbps TAA Fabric / MPU
JC701A HP A7510 768 Gbps TAA Fabric / MPU
JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports
JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports
JD194A HP 384 Gbps Fabric A7500 Module
JD194B HP 7500 384Gbps Fabric Module
JD195A HP 7500 384Gbps Advanced Fabric Module
JD196A HP 7502 Fabric Module
JD220A HP 7500 768Gbps Fabric Module
JD238A HP A7510 Switch Chassis
JD238B HP 7510 Switch Chassis
JD239A HP A7506 Switch Chassis
JD239B HP 7506 Switch Chassis
JD240A HP A7503 Switch Chassis
JD240B HP 7503 Switch Chassis
JD241A HP A7506 Vertical Switch Chassis
JD241B HP 7506-V Switch Chassis
JD242A HP A7502 Switch Chassis
JD242B HP 7502 Switch Chassis
JD243A HP A7503 Switch Chassis w/1 Fabric Slot
JD243B HP 7503-S Switch Chassis w/1 Fabric Slot
H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)
H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)
H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)
H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)
H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)
H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)
H3C S7502E Chassis w/ fans (0235A29A)
H3C S7503E Chassis w/ fans (0235A27R)
H3C S7503E-S Chassis w/ fans (0235A33R)
H3C S7506E Chassis w/ fans (0235A27Q)
H3C S7506E-V Chassis w/ fans (0235A27S)
HSR6800
HSR6800_5.20.R3303P10
HSR6800_5.20.R3303P10-US
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6800 Russian Version
HSR6800_5.20.R3303P10.RU
JG361A HP HSR6802 Router Chassis
JG362A HP HSR6804 Router Chassis
JG363A HP HSR6808 Router Chassis
JG364A HP HSR6800 RSE-X2 Router MPU
JG779A HP HSR6800 RSE-X2 Router TAA MPU
HSR6602
HSR6602_5.20.R3303P10
HSR6602_5.20.R3303P10-US
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
HSR6602 Russian Version
HSR6602_5.20.R3303P10.RU
JG353A HP HSR6602-G Router
JG354A HP HSR6602-XG Router
JG776A HP HSR6602-G TAA Router
JG777A HP HSR6602-XG TAA Router
6602.0
6602_5.20.R3303P10
6602_5.20.R3303P10-US
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
6602 Russian Version
6602_5.20.R3303P10.RU
JC176A HP 6602 Router Chassis
H3C SR6602 1U Router Host (0235A27D)
A6600
6600.RPE_5.20.R3303P10
6600.RSE_5.20.R3303P10
6600.RPE_5.20.R3303P10-US
6600.RSE_5.20.R3303P10-US
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
A6600 Russian Version
6600.RPE_5.20.R3303P10.RU
6600.RSE_5.20.R3303P10.RU
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JC566A HP A6600 RSE-X1 Main Processing Unit
JG780A HP 6600 RSE-X1 Router TAA MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
6600 MCP
HSR6602_5.20.R3303P10
HSR6602_5.20.R3303P10-US
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
6600 MCP Russian Version
HSR6602_5.20.R3303P10.RU
JC177A HP 6608 Router
JC177B HP A6608 Router Chassis
JC178A HP 6604 Router Chassis
JC178B HP A6604 Router Chassis
JC496A HP 6616 Router Chassis
JG778A HP 6600 MCP-X2 Router TAA MPU
JG355A HP 6600 MCP-X1 Router MPU
JG356A HP 6600 MCP-X2 Router MPU
H3C RT-SR6608-OVS-H3 (0235A32X)
H3C RT-SR6604-OVS-H3 (0235A37X)
H3C SR6616 Router Chassis (0235A41D)
5920 Switch Series
5900AF-5920AF_7.10.R2311P01
5900AF-5920AF_7.10.R2311P01-US
JG296A HP 5920AF-24XG Switch
JG555A HP 5920AF-24XG TAA Switch
5900 Switch Series
5900AF-5920AF_7.10.R2311P01
5900AF-5920AF_7.10.R2311P01-US
JC772A HP 5900AF-48XG-4QSFP+ Switch
JG336A HP 5900AF-48XGT-4QSFP+ Switch
JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
JG838A HP FF 5900CP-48XG-4QSFP+ Switch
5830 Switch Series
5830_5.20.R1118P09
5830_5.20.R1118P09-US
JC691A HP A5830AF-48G Switch w/1 Interface Slot
JC694A HP A5830AF-96G Switch
JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot
JG374A HP 5830AF-96G TAA Switch
5820 Switch Series
5800-5820X_5.20.R1808P25
5800-5820X_5.20.R1808P27-US
JC102A HP 5820-24XG-SFP+ Switch
JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
JG219A HP 5820AF-24XG Switch
JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots
H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media
modules Plus OSM (0235A37L)
H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T
(RJ45) (0235A370)
5800 Switch Series
5800-5820X_5.20.R1808P25
5800-5820X_5.20.R1808P27-US
JC099A HP 5800-24G-PoE Switch
JC100A HP 5800-24G Switch
JC101A HP 5800-48G Switch with 2 Slots
JC103A HP 5800-24G-SFP Switch
JC104A HP 5800-48G-PoE Switch
JC105A HP 5800-48G Switch
JG225A HP 5800AF-48G Switch
JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots
JG254A HP 5800-24G-PoE+ TAA-compliant Switch
JG255A HP 5800-24G TAA-compliant Switch
JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt
JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot
JG258A HP 5800-48G TAA Switch w 1 Intf Slot
H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot
(0235A36U)
H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X
(SFP Plus ) Plus 1 media module PoE (0235A36S)
H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus
media module (no power) (0235A374)
H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus
) Plus media module (0235A379)
H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module
(0235A378)
H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM
(0235A36W)
5500 HI Switch Series
5500.HI_5.20.R5501P02
5500.HI_5.20.R5501P02-US
JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch
JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch
JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt
JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt
JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt
JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt
JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt
JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt
5500 EI Switch Series
5500.EI-4800G_5.20.R2221P05
5500.EI-4800G_5.20.R2221P04-US
JD373A HP 5500-24G DC EI Switch
JD374A HP 5500-24G-SFP EI Switch
JD375A HP 5500-48G EI Switch
JD376A HP 5500-48G-PoE EI Switch
JD377A HP 5500-24G EI Switch
JD378A HP 5500-24G-PoE EI Switch
JD379A HP 5500-24G-SFP DC EI Switch
JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts
JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts
JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts
JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts
JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts
JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts
JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts
H3C S5500-28C-EI Ethernet Switch (0235A253)
H3C S5500-28F-EI Eth Switch AC Single (0235A24U)
H3C S5500-52C-EI Ethernet Switch (0235A24X)
H3C S5500-28C-EI-DC Ethernet Switch (0235A24S)
H3C S5500-28C-PWR-EI Ethernet Switch (0235A255)
H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)
H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)
5500 SI Switch Series
5500.SI_5.20.R2221P04
JD369A HP 5500-24G SI Switch
JD370A HP 5500-48G SI Switch
JD371A HP 5500-24G-PoE SI Switch
JD372A HP 5500-48G-PoE SI Switch
JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts
JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts
H3C S5500-28C-SI Ethernet Switch (0235A04U)
H3C S5500-52C-SI Ethernet Switch (0235A04V)
H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)
H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)
5120 EI Switch Series
5120.EI-4210G-4510G_5.20.R2221P04
5120.EI-4210G-4510G_5.20.R2221P04-US
JE066A HP 5120-24G EI Switch
JE067A HP 5120-48G EI Switch
JE068A HP 5120-24G EI Switch with 2 Slots
JE069A HP 5120-48G EI Switch with 2 Slots
JE070A HP 5120-24G-PoE EI Switch with 2 Slots
JE071A HP 5120-48G-PoE EI Switch with 2 Slots
JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts
JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts
JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts
JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts
JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts
JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts
H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)
H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)
H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)
H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)
H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)
H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)
5120 SI switch Series
5120.SI_5.20.R1513P86
JE072A HP 5120-48G SI Switch
JE073A HP 5120-16G SI Switch
JE074A HP 5120-24G SI Switch
JG091A HP 5120-24G-PoE+ (370W) SI Switch
JG092A HP 5120-24G-PoE+ (170W) SI Switch
H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)
H3C S5120-20P-SI L2
16GE Plus 4SFP (0235A42B)
H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)
H3C S5120-28P-HPWR-SI (0235A0E5)
H3C S5120-28P-PWR-SI (0235A0E3)
4800 G Switch Series
5500.EI-4800G_5.20.R2221P05
5500.EI-4800G_5.20.R2221P04-US
JD007A HP 4800-24G Switch
JD008A HP 4800-24G-PoE Switch
JD009A HP 4800-24G-SFP Switch
JD010A HP 4800-48G Switch
JD011A HP 4800-48G-PoE Switch
3Com Switch 4800G 24-Port (3CRS48G-24-91)
3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)
3Com Switch 4800G 48-Port (3CRS48G-48-91)
3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)
3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)
4510G Switch Series
5500.EI-4800G_5.20.R2221P05
5500.EI-4800G_5.20.R2221P04-US
JF428A HP 4510-48G Switch
JF847A HP 4510-24G Switch
3Com Switch 4510G 48 Port (3CRS45G-48-91)
3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)
3Com Switch E4510-24G (3CRS45G-24-91)
4210G Switch Series
5120.EI-4210G-4510G_5.20.R2221P04
5120.EI-4210G-4510G_5.20.R2221P04-US
JF844A HP 4210-24G Switch
JF845A HP 4210-48G Switch
JF846A HP 4210-24G-PoE Switch
3Com Switch 4210-24G (3CRS42G-24-91)
3Com Switch 4210-48G (3CRS42G-48-91)
3Com Switch E4210-24G-PoE (3CRS42G-24P-91)
3610 Switch Series
S3610-5510_5.20.R5319P08
JD335A HP 3610-48 Switch
JD336A HP 3610-24-4G-SFP Switch
JD337A HP 3610-24-2G-2G-SFP Switch
JD338A HP 3610-24-SFP Switch
H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)
H3C S3610-28P - model LS-3610-28P-OVS (0235A22D)
H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)
H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)
3600 V2 Switch Series
3600V2_5.20.R2109P05
JG299A HP 3600-24 v2 EI Switch
JG300A HP 3600-48 v2 EI Switch
JG301A HP 3600-24-PoE+ v2 EI Switch
JG301B HP 3600-24-PoE+ v2 EI Switch
JG302A HP 3600-48-PoE+ v2 EI Switch
JG302B HP 3600-48-PoE+ v2 EI Switch
JG303A HP 3600-24-SFP v2 EI Switch
JG304A HP 3600-24 v2 SI Switch
JG305A HP 3600-48 v2 SI Switch
JG306A HP 3600-24-PoE+ v2 SI Switch
JG306B HP 3600-24-PoE+ v2 SI Switch
JG307A HP 3600-48-PoE+ v2 SI Switch
JG307B HP 3600-48-PoE+ v2 SI Switch
3100V2
3100V2_5.20.R5203P07
JD313B HP 3100-24-PoE v2 EI Switch
JD318B HP 3100-8 v2 EI Switch
JD319B HP 3100-16 v2 EI Switch
JD320B HP 3100-24 v2 EI Switch
JG221A HP 3100-8 v2 SI Switch
JG222A HP 3100-16 v2 SI Switch
JG223A HP 3100-24 v2 SI Switch
3100V2-48
3100V2.48_5.20.R2109P05
JG315A HP 3100-48 v2 Switch
1920.0
1920-48G-JG927A_5.20.R1104
1920-8G-PoE-65W-JG921A_5.20.R1104
1920-8G-JG920A_5.20.R1104
1920-24G-PoE-370W-JG926A_5.20.R1104
1920-24G-PoE-180W-JG925A_5.20.R1104
1920-24G-JG924A_5.20.R1104
1920-16G-JG923A_5.20.R1104
1920-8G-PoE-180W-JG922A_5.20.R1104
JG927A HP 1920-48G Switch
JG921A HP 1920-8G-PoE+ (65W) Switch
JG920A HP 1920-8G Switch
JG926A HP 1920-24G-PoE+ (370W) Switch
JG925A HP 1920-24G-PoE+ (180W) Switch
JG924A HP 1920-24G Switch
JG923A HP 1920-16G Switch
JG922A HP 1920-8G-PoE+ (180W) Switch
1910.0
1910-8-POE-JG537_5.20.R1106
1910-48-JG540_5.20.R1106
1910-24-JG538_5.20.R1106
1910-24-POE-JG539_5.20.R1106
1910-8-JG536_5.20.R1106
JG537A HP 1910-8 -PoE+ Switch
JG540A HP 1910-48 Switch
JG538A HP 1910-24 Switch
JG539A HP 1910-24-PoE+ Switch
JG536A HP 1910-8 Switch
1810v1 P2
Fix in progress
use mitigations
J9449A HP 1810-8G Switch
J9450A HP 1810-24G Switch
1810v1 PK
Fix in progress
use mitigations
J9660A HP 1810-48G Switch
MSR20
MSR20.SI_5.20.R2513P02
JD432A HP A-MSR20-21 Multi-Service Router
JD662A HP MSR20-20 Multi-Service Router
JD663A HP MSR20-21 Multi-Service Router
JD663B HP MSR20-21 Router
JD664A HP MSR20-40 Multi-Service Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
H3C MSR 20-20 (0235A19H)
H3C MSR 20-21 (0235A325)
H3C MSR 20-40 (0235A19K)
H3C MSR-20-21 Router (0235A19J)
MSR20-1X
MSR201X_5.20.R2513P02
JD431A HP MSR20-10 Router
JD667A HP MSR20-15 IW Multi-Service Router
JD668A HP MSR20-13 Multi-Service Router
JD669A HP MSR20-13 W Multi-Service Router
JD670A HP MSR20-15 A Multi-Service Router
JD671A HP MSR20-15 AW Multi-Service Router
JD672A HP MSR20-15 I Multi-Service Router
JD673A HP MSR20-11 Multi-Service Router
JD674A HP MSR20-12 Multi-Service Router
JD675A HP MSR20-12 W Multi-Service Router
JD676A HP MSR20-12 T1 Multi-Service Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
JG209A HP MSR20-12-T-W Router (NA)
JG210A HP MSR20-13-W Router (NA)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-11 (0235A31V)
H3C MSR 20-12 (0235A32E)
H3C MSR 20-12 T1 (0235A32B)
H3C MSR 20-13 (0235A31W)
H3C MSR 20-13 W (0235A31X)
H3C MSR 20-15 A (0235A31Q)
H3C MSR 20-15 A W (0235A31R)
H3C MSR 20-15 I (0235A31N)
H3C MSR 20-15 IW (0235A31P)
H3C MSR20-12 W (0235A32G)
MSR30
MSR30.SI_5.20.R2513P02
JD654A HP MSR30-60 POE Multi-Service Router
JD657A HP MSR30-40 Multi-Service Router
JD658A HP MSR30-60 Multi-Service Router
JD660A HP MSR30-20 POE Multi-Service Router
JD661A HP MSR30-40 POE Multi-Service Router
JD666A HP MSR30-20 Multi-Service Router
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF232A HP RT-MSR3040-AC-OVS-AS-H3
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)
H3C MSR 30-20 (0235A19L)
H3C MSR 30-20 POE (0235A239)
H3C MSR 30-40 (0235A20J)
H3C MSR 30-40 POE (0235A25R)
H3C MSR 30-60 (0235A20K)
H3C MSR 30-60 POE (0235A25S)
H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)
MSR30-16
MSR3016.SI_5.20.R2513P02
JD659A HP MSR30-16 POE Multi-Service Router
JD665A HP MSR30-16 Multi-Service Router
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
H3C MSR 30-16 (0235A237)
H3C MSR 30-16 POE (0235A238)
MSR30-1X
MSR301X.SI_5.20.R2513P09
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
MSR50
MSR50.SI_5.20.R2513P02
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR5040-DC-OVS-H3C (0235A20P)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
MSR50-G2
MSR50.EPUSI_5.20.R2513P02
JD429A HP MSR50 G2 Processor Module
JD429B HP MSR50 G2 Processor Module
H3C H3C MSR 50 Processor Module-G2 (0231A84Q)
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo)
256F/1GD(0231A0KL)
MSR20 Russian version
MSR20.SI_5.20.R2513L03.RU
JD663B HP MSR20-21 Router
JF228A HP MSR20-40 Router
JF283A HP MSR20-20 Router
H3C RT-MSR2020-AC-OVS-H3C (0235A324)
H3C RT-MSR2040-AC-OVS-H3 (0235A326)
MSR20-1X Russian version
MSR201X_5.20.R2513L03.RU
JD431A HP MSR20-10 Router
JF236A HP MSR20-15-I Router
JF237A HP MSR20-15-A Router
JF238A HP MSR20-15-I-W Router
JF239A HP MSR20-11 Router
JF240A HP MSR20-13 Router
JF241A HP MSR20-12 Router
JF806A HP MSR20-12-T Router
JF807A HP MSR20-12-W Router
JF808A HP MSR20-13-W Router
JF809A HP MSR20-15-A-W Router
JF817A HP MSR20-15 Router
H3C MSR 20-10 (0235A0A7)
H3C RT-MSR2015-AC-OVS-I-H3 (0235A394)
H3C RT-MSR2015-AC-OVS-A-H3 (0235A392)
H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)
H3C RT-MSR2011-AC-OVS-H3 (0235A395)
H3C RT-MSR2013-AC-OVS-H3 (0235A390)
H3C RT-MSR2012-AC-OVS-H3 (0235A396)
H3C RT-MSR2012-T-AC-OVS-H3 (0235A398)
H3C RT-MSR2012-AC-OVS-W-H3 (0235A397)
H3C RT-MSR2013-AC-OVS-W-H3 (0235A391)
H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)
H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)
MSR30 Russian version
MSR30.SI_5.20.R2513L03.RU
JF229A HP MSR30-40 Router
JF230A HP MSR30-60 Router
JF235A HP MSR30-20 DC Router
JF284A HP MSR30-20 Router
JF287A HP MSR30-40 DC Router
JF801A HP MSR30-60 DC Router
JF802A HP MSR30-20 PoE Router
JF803A HP MSR30-40 PoE Router
JF804A HP MSR30-60 PoE Router
H3C RT-MSR3040-AC-OVS-H (0235A299)
H3C RT-MSR3060-AC-OVS-H3 (0235A320)
H3C RT-MSR3020-DC-OVS-H3 (0235A267)
H3C MSR 30-20 Router (0235A328)
H3C MSR 30-40 Router Host(DC) (0235A268)
H3C RT-MSR3060-DC-OVS-H3 (0235A269)
H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)
H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)
H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)
MSR30-16 Russian version
MSR3016.SI_5.20.R2513L03.RU
JF233A HP MSR30-16 Router
JF234A HP MSR30-16 PoE Router
H3C RT-MSR3016-AC-OVS-H3 (0235A327)
H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)
MSR30-1X Russian version
MSR301X.SI_5.20.R2513L03.RU
JF800A HP MSR30-11 Router
JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
JG182A HP MSR30-11E Router
JG183A HP MSR30-11F Router
JG184A HP MSR30-10 DC Router
H3C RT-MSR3011-AC-OVS-H3 (0235A29L)
H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)
MSR50 Russian version
MSR50.SI_5.20.R2513L03.RU
JD433A HP MSR50-40 Router
JD653A HP MSR50 Processor Module
JD655A HP MSR50-40 Multi-Service Router
JD656A HP MSR50-60 Multi-Service Router
JF231A HP MSR50-60 Router
JF285A HP MSR50-40 DC Router
JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
H3C MSR 50-40 Router (0235A297)
H3C MSR 50 Processor Module (0231A791)
H3C MSR 50-40 Chassis (0235A20N)
H3C MSR 50-60 Chassis (0235A20L)
H3C RT-MSR5060-AC-OVS-H3 (0235A298)
H3C MSR5040-DC-OVS-H3C (0235A20P)
MSR50 G2 Russian version
MSR50.EPUSI_5.20.R2513L03.RU
JD429B HP MSR50 G2 Processor Module
H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD
(0231A0KL)
MSR9XX
MSR9XX_5.20.R2513P02
JF812A HP MSR900 Router
JF813A HP MSR920 Router
JF814A HP MSR900-W Router
JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr
JG207A HP MSR900-W Router (NA)
JG208A HP MSR920-W Router (NA)
H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b
(0235A0C2)
H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)
H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)
H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)
MSR93X
MSR93X_5.20.R2513P02
JG511A HP MSR930 Router
JG512A HP MSR930 Wireless Router
JG513A HP MSR930 3G Router
JG514A HP MSR931 Router
JG515A HP MSR931 3G Router
JG516A HP MSR933 Router
JG517A HP MSR933 3G Router
JG518A HP MSR935 Router
JG519A HP MSR935 Wireless Router
JG520A HP MSR935 3G Router
JG531A HP MSR931 Dual 3G Router
JG596A HP MSR930 4G LTE/3G CDMA Router
JG597A HP MSR936 Wireless Router
JG665A HP MSR930 4G LTE/3G WCDMA Global Router
JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
MSR1000
MSR1000_5.20.R2513P02
JG732A HP MSR1003-8 AC Router
MSR1000 Russian version
MSR1000_5.20.R2513L03-RU
JG732A HP MSR1003-8 AC Router
MSR2000
MSR2000_7.10.R0106P02
JG411A HP MSR2003 AC Router
MSR3000
MSR3000_7.10.R0106P02
JG404A HP MSR3064 Router
JG405A HP MSR3044 Router
JG406A HP MSR3024 AC Router
JG409A HP MSR3012 AC Router
JG861A HP MSR3024 TAA-compliant AC Router
MSR4000
MSR4000_7.10.R0106P02
JG402A HP MSR4080 Router Chassis
JG403A HP MSR4060 Router Chassis
JG412A HP MSR4000 MPU-100 Main Processing Unit
F5000
SECPATH5000FA_5.20.F3210P20
JG216A HP F5000 Firewall Standalone Chassis
JD259A HP A5000-A5 VPN Firewall Chassis
H3C SecPath F5000-A5 Host System (0150A0AG)
F5000 C
F5000C_5.20.R3811
JG650A HP F5000-C VPN Firewall Appliance
F5000 S
F5000S_5.20.R3811
JG370A HP F5000-S VPN Firewall Appliance
U200S and CS
U200S_U200CS_5.20.F5123P27
JD268A HP 200-CS UTM Appliance
JD273A HP U200-S UTM Appliance
H3C SecPath U200-S (0235A36N)
U200A and M
U200A_U200M_5.20.F5123P27
JD274A HP 200-M UTM Appliance
JD275A HP U200-A UTM Appliance
H3C SecPath U200-A (0235A36Q)
F1000A and S
AF1000S.EI_3.40.R3734
JD270A HP S1000-S VPN Firewall Appliance
JD271A HP S1000-A VPN Firewall Appliance
JG213A HP F1000-S-EI VPN Firewall Appliance
JG214A HP F1000-A-EI VPN Firewall Appliance
SecBlade III
SECBLADEIII.FW_5.20.R3820
JG371A HP 12500 20Gbps VPN Firewall Module
JG372A HP 10500/11900/7500 20Gbps VPN FW Mod
SecBlade FW
SECBLADE2-FW_5.20.R3181
JC635A HP 12500 VPN Firewall Module
JD245A HP 9500 VPN Firewall Module
JD249A HP 10500/7500 Advanced VPN Firewall Mod
JD250A HP 6600 Firewall Processing Rtr Module
JD251A HP 8800 Firewall Processing Module
JD255A HP 5820 VPN Firewall Module
H3C S9500E SecBlade VPN Firewall Module (0231A0AV)
H3C S7500E SecBlade VPN Firewall Module (0231A832)
H3C SR66 Gigabit Firewall Module (0231A88A)
H3C SR88 Firewall Processing Module (0231A88L)
H3C S5820 SecBlade VPN Firewall Module (0231A94J)
F1000E
SECPATH1000FE_5.20.R3181
JD272A HP S1000-E VPN Firewall Appliance
VSR1000
VSR1000_7.10.R0203
JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
JG811AAE HP VSR1001 Comware 7 Virtual Services Router
JG812AAE HP VSR1004 Comware 7 Virtual Services Router
JG813AAE HP VSR1008 Comware 7 Virtual Services Router
WX5002/5004
WX5002-WX5004_5.20.R2507P26
JD441A HP 5800 ACM for 64-256 APs
JD447B HP WX5002 Access Controller
JD448A HP A-WX5004 Access Controller
JD448B HP WX5004 Access Controller
JD469A HP A-WX5004 (3Com) Access Controller
JG261A HP 5800 Access Controller OAA TAA Mod
HP 850/870
850-870_5.20.R2607P26
JG723A HP 870 Unified Wired-WLAN Appliance
JG725A HP 870 Unifd Wrd-WLAN TAA Applnc
JG722A HP 850 Unified Wired-WLAN Appliance
JG724A HP 850 Unifd Wrd-WLAN TAA Applnc
HP 830
830_5.20.R3507P26
JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch
JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch
JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch
JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch
HP 6000
6000_5.20.R2507P27
JG639A HP 10500/7500 20G Unified Wired-WLAN Mod
JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod
M220
Fix in progress
use mitigations
J9798A HP M220 802.11n AM Access Point
J9799A HP M220 802.11n WW Access Point
NGFW
The Software Downloads and software release notes for your NGFW Appliance(s)
can be acquired with a valid support contract by accessing the Threat
Management Center (TMC). In your web browser
open https://tmc.tippingpoint.com.
JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic
JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic
JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic
JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic
JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic
iMC UAM 7.x
5.x
iMC UAM 7.0 (E0203P04)
JD144A HP IMC UAM S/W Module w/200-User License
JF388A HP IMC UAM S/W Module w/200-user License
JD435A HP IMC EAD Client Software
JF388AAE HP IMC UAM S/W Module w/200-user E-LTU
JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU
iMC EAD 7.x
5.x
iMC EAD v7.1 (E0301)
JF391AAE HP IMC EAD S/W Module w/200-user E-LTU
JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU
JD147A HP IMC Endpoint Admission Defense Software Module with 200-user
License
JF391A HP IMC EAD S/W Module w/200-user License
HISTORY
Version:1 (rev.1) - 20 June 2014 Initial release
Version:2 (rev.2) - 20 November 2014 Removed iMC Platform Products, 5900
virtual switch, and Router 8800 products. Further analysis revealed that
those products as not vulnerable. Added additional products.
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: openssl security update
Advisory ID: RHSA-2014:0625-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html
Issue date: 2014-06-05
CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198
CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free
1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()
1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake
1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment
1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-1.0.1e-16.el6_5.14.ppc.rpm
openssl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm
openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-1.0.1e-16.el6_5.14.s390.rpm
openssl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390.rpm
openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm
openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm
openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm
openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-1.0.1e-16.el6_5.14.i686.rpm
openssl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
openssl-1.0.1e-16.el6_5.14.src.rpm
i386:
openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
openssl-perl-1.0.1e-16.el6_5.14.i686.rpm
openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm
openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html
https://www.redhat.com/security/data/cve/CVE-2014-0195.html
https://www.redhat.com/security/data/cve/CVE-2014-0198.html
https://www.redhat.com/security/data/cve/CVE-2014-0221.html
https://www.redhat.com/security/data/cve/CVE-2014-0224.html
https://www.redhat.com/security/data/cve/CVE-2014-3470.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB
pJJhdOUzRUL8R2haDM4xrsk=
=hZF8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does
not ensure that certain swap operations have a constant-time behavior,
which makes it easier for local users to obtain ECDSA nonces via a
FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before
1.0.1g do not properly handle Heartbeat Extension packets, which allows
remote attackers to obtain sensitive information from process memory
via crafted packets that trigger a buffer over-read, as demonstrated
by reading private keys, related to d1_both.c and t1_lib.c, aka the
Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h does not properly restrict processing of ChangeCipherSpec
messages, which allows man-in-the-middle attackers to trigger use of a
zero-length master key in certain OpenSSL-to-OpenSSL communications,
and consequently hijack sessions or obtain sensitive information,
via a crafted TLS handshake, aka the CCS Injection vulnerability
(CVE-2014-0224).
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1
before 1.0.1j allows remote attackers to cause a denial of service
(memory consumption) via a crafted handshake message (CVE-2014-3513).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
products, uses nondeterministic CBC padding, which makes it easier
for man-in-the-middle attackers to obtain cleartext data via a
padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue
became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before
1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square
of a BIGNUM value, which might make it easier for remote attackers to
defeat cryptographic protection mechanisms via unspecified vectors,
related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and
crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote
SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger
a loss of forward secrecy by omitting the ServerKeyExchange message
(CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k
does not enforce certain constraints on certificate data, which allows
remote attackers to defeat a fingerprint-based certificate-blacklist
protection mechanism by including crafted data within a
certificate's unsigned portion, related to crypto/asn1/a_verify.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c
(CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role, related to the FREAK issue. NOTE: the scope of
this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before
1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a
Diffie-Hellman (DH) certificate without requiring a CertificateVerify
message, which allows remote attackers to obtain access without
knowledge of a private key via crafted TLS Handshake Protocol traffic
to a server that recognizes a Certification Authority with DH support
(CVE-2015-0205).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://openssl.org/news/secadv_20150108.txt
http://openssl.org/news/secadv_20150319.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm
9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm
58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm
b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm
a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm
521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS
kz0ex6eI6hA6qSwklA2NoXY=
=GYjX
-----END PGP SIGNATURE-----
.
HP Insight Control server deployment packages HP System Management Homepage
(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)
and deploys them through the following components. This bulletin provides the
information needed to update the HP Insight Control server deployment
solution. HP has provided manual update steps
if a version upgrade is not possible; if users wish to remain at v7.1.2,
v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight
Control server deployment and to follow the correct steps listed below. For
HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and
follow the steps below to remove the vulnerability. That Security Bulletin with instructions on how to upgrade
to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n
a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should
take the following steps to remove this vulnerability.
Delete the files smhamd64-*.exe/smhx86-*.exe" from Component Copy Location
listed in the following table, rows 1 and 2.
Delete the files "vcax86-*.exe/vcaamd64-*.exe from Component Copy Location
listed in the following table, rows 3 and 4.
Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5.
In sequence, perform the steps from left to right in the following table.
First, download components from Download Link; Second, rename the component
as suggested in Rename to. Third, copy the component to the location
specified in Component Copy Location.
Table Row Number
Download Link
Rename to
Component Copy Location
1
http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba
smhamd64-ccp023716.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
2
http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05
smhx86-cp023715.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
3
http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13
vcax86-cp023742.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
4
http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2
vcaamd64-cp023743.exe
\\express\hpfeatures\hpagents-ws\components\Win2008
5
http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93
Do not rename the downloaded component for this step.
\\express\hpfeatures\hpagents-sles11-x64\components
\\express\hpfeatures\hpagents-sles10-x64\components
\\express\hpfeatures\hpagents-rhel5-x64\components
\\express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from
ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into
\\eXpress\hpfeatures\fw-proLiant\components
Initiate Install HP Management Agents for SLES 11 x64 on targets running
SLES11 x64.
Initiate Install HP Management Agents for SLES 10 x64 on targets running
SLES10 x64.
Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL
6 x64.
Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL
5 x64.
Initiate Install HP Management Agents for Windows x86/x64 on targets running
Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the
steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control
server deployment v7.1.2, v7.2.0, and v7.2.1.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz: Upgraded.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8za-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8za-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8za-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8za-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8za-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8za-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1h-i486-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1h-x86_64-1_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1h-i486-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1h-x86_64-1_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1h-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1h-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1h-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1h-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 packages:
634b8ecc8abc6d3f249b73d0fefa5959 openssl-0.9.8za-i486-1_slack13.0.txz
a2529f1243d42a3608f61b96236b5f60 openssl-solibs-0.9.8za-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages:
2ddac651c5f2531f3a7f70d9f5823bd6 openssl-0.9.8za-x86_64-1_slack13.0.txz
d7ffeb15713a587f642fbb3d5c310c75 openssl-solibs-0.9.8za-x86_64-1_slack13.0.txz
Slackware 13.1 packages:
0b84a6a1edf76cba83d4c52c54196baa openssl-0.9.8za-i486-1_slack13.1.txz
dfd5d241b0e1703ae9d70d6ccda06179 openssl-solibs-0.9.8za-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages:
bd749622577a5f76a59d90b95aa922fd openssl-0.9.8za-x86_64-1_slack13.1.txz
35cf911dd9f0cc13f7f0056d9e1f4520 openssl-solibs-0.9.8za-x86_64-1_slack13.1.txz
Slackware 13.37 packages:
8f674defac9002c81265d284b1072f75 openssl-0.9.8za-i486-1_slack13.37.txz
48ce79e7714cb0c823d2b6ea4a88ba51 openssl-solibs-0.9.8za-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages:
efa09162c22782c15806bca99472c5be openssl-0.9.8za-x86_64-1_slack13.37.txz
8e3b8d1e3d3a740bd274fbe38dc10f96 openssl-solibs-0.9.8za-x86_64-1_slack13.37.txz
Slackware 14.0 packages:
8e2698d19f54c7e0cac8f998df23b782 openssl-1.0.1h-i486-1_slack14.0.txz
cf6233bc169cf6dd192bb7210f779fc1 openssl-solibs-1.0.1h-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages:
2b4f0610d5e46fa7bb27a0b39f0d6d33 openssl-1.0.1h-x86_64-1_slack14.0.txz
18fdd83dcf86204275508a689a017dea openssl-solibs-1.0.1h-x86_64-1_slack14.0.txz
Slackware 14.1 packages:
49aea7da42eef41da894f29762971863 openssl-1.0.1h-i486-1_slack14.1.txz
6f19f4fdc3f018b4e821c519d7bb1e5c openssl-solibs-1.0.1h-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages:
ccf5ff2b107c665a4f3bf98176937749 openssl-1.0.1h-x86_64-1_slack14.1.txz
ea1aaba38c98b096186ca94ca541a793 openssl-solibs-1.0.1h-x86_64-1_slack14.1.txz
Slackware -current packages:
db1ed7ded71ab503f567940fff39eb16 a/openssl-solibs-1.0.1h-i486-1.txz
0db4f91f9b568b2b2629950e5ab88b22 n/openssl-1.0.1h-i486-1.txz
Slackware x86_64 -current packages:
d01aef33335bee27f36574241f54091f a/openssl-solibs-1.0.1h-x86_64-1.txz
95a743d21c58f39573845d6ec5270656 n/openssl-1.0.1h-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg openssl-1.0.1h-i486-1_slack14.1.txz openssl-solibs-1.0.1h-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address.
HP Systems Insight Manager v7.3 Hotfix kit
HP Systems Insight Manager v7.2 Hotfix kit (The HP Systems Insight Manager
v7.2 Hotfix kit is currently unavailable, but will be released at a later
date.
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix
kit.
HP Version Control Repository Manager (VCRM) version 7.3.3 and earlier for
Linux and Windows. Create batch file with the following commands:
@echo off
hpsmp.exe /verysilent /SVCPATCH=Install_Through_Patch
Copy the batch file to the folder where "hpsmp.exe" normally resides on the
target system.
Double click on the batch file.
The command prompt closes when the installation finishes.
After the installation completes it creates a log file (ICmigr.log) and an
output file (ICmigroutput.xml) on the target system.
Do not close or click on the command prompt while the process is completing.
Do not run the command prompt in the background.
The oldstable distribution (squeeze) is not affected.
For the stable distribution (wheezy), this problem has been fixed in
version 1.0.1e-2+deb7u9.
For the testing distribution (jessie), this problem has been fixed in
version 1.0.1g-4.
For the unstable distribution (sid), this problem has been fixed in
version 1.0.1g-4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201407-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: July 27, 2014
Bugs: #512506
ID: 201407-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSL, possibly allowing
remote attackers to execute arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1h-r1 *>= 0.9.8z_p5
*>= 0.9.8z_p4
*>= 0.9.8z_p1
*>= 0.9.8z_p3
*>= 0.9.8z_p2
*>= 1.0.0m
>= 1.0.1h-r1
Description
===========
Multiple vulnerabilities have been discovered in OpenSSL. Please review
the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers
referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
==========
[ 1 ] CVE-2010-5298
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298
[ 2 ] CVE-2014-0195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195
[ 3 ] CVE-2014-0198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198
[ 4 ] CVE-2014-0221
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221
[ 5 ] CVE-2014-0224
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224
[ 6 ] CVE-2014-3470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470
[ 7 ] OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201405-0423 | CVE-2014-3115 | Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352). Fortinet FortiWeb is prone to multiple cross-site request-forgery vulnerabilities because it does not properly validate HTTP requests.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
Fortinet FortiWeb 5.1.x and prior versions are vulnerable. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content.
Impact
A remote unauthenticated attacker may be able to trick a user into making an unintentional request to the web administration interface, via link or JavaScript hosted on a malicious web page. This forged request may be treated as authentic and result in unauthorized actions in the web administration interface. A successful attack would require the administrator to be logged in, and attacker knowledge of the internal FortiWeb administration URL.
Affected Products
FortiWeb 5.1.x and lower.
Solutions
Upgrade to FortiWeb 5.2.0 or higher.
Acknowledgement
This vulnerability was separately reported by both William Costa and Enrique Nissim
| VAR-201405-0568 | No CVE | Knot DNS TSIG Signature spoofing vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Knot DNS is a high-performance DNS server developed by the Czech Internet Network Information Center (CZ.NIC). It supports all key DNS system features, such as zone conversion, dynamic update, and DNS Security Extensions (DNSSEC).
A spoofing vulnerability exists in versions of Knot DNS prior to 1.4.5. The vulnerability stems from an error in the 'knot_tsig_check_digest ()' function when verifying a TSIG signature. Attackers can use this vulnerability to spoof signatures and bypass established session authentication.
An attacker can exploit this issue to conduct spoofing attacks. This may aid in further attacks
| VAR-201405-0338 | CVE-2014-3220 |
F5 BIG-IQ Vulnerable to changing the password of an arbitrary user
Related entries in the VARIoT exploits database: VAR-E-201405-0118 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. F5 Networks BIG-IQ is prone to a remote privilege-escalation vulnerability. Multiple F5 BIG-IQ products are prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.
Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.
The following products are vulnerable:
F5 BIG-IQ Cloud 4.0.0 through 4.1.0 are vulnerable.
F5 BIG-IQ Security 4.0.0 through 4.1.0 are vulnerable. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. The vulnerability is caused by the mgmt/shared/authz/users/ script not properly filtering the input submitted by the user
| VAR-201405-0302 | CVE-2014-2881 | Citrix NetScaler Application Delivery Controller and NetScaler Gateway Management GUI of Java Applet vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. Citrix NetScaler is prone to an unspecified security vulnerability.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. There are currently no details about this vulnerability. Please keep an eye on the cnnvd website or manufacturer announcements. Vulnerability title: Poor Quality Implementation of Diffie-Hellman Key
Exchange in Citrix Netscaler
CVE: CVE-2014-2881
Vendor: Citrix
Product: Netscaler
Affected version: All prior to 10.1-122.17/9.3-66.5
Fixed version: 10.1-122.17/9.3-66.5
Reported by: Graham Sutherland
Details:
The remote configuration Java applet contains a poor implementation of
the Diffie-Hellman key exchange algorithm. The random number generator
used to produce secret values is the java.util.Random class, which is
not of cryptographic quality. Publicly known predictors exist for the
underlying RNG, and the seed is either 32-bit or 48-bit depending on the
host system.
Furthermore, the selection of the secret 'a' value within the key
generation process is potentially vulnerable to timing attacks that leak
the RNG state, as the implementation loops until the RNG outputs a value
within a publicly known range.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2881/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information
| VAR-201404-0529 | CVE-2014-3129 | SAP Solution Manager Remote Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. SAP Solution Manager is a system management platform that integrates system monitoring, SAP support desktop, self-service, and ASAP implementation.
Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks