VARIoT IoT vulnerabilities database
| VAR-201405-0493 | CVE-2014-2162 | Cisco TelePresence TC Software and TE Software SIP Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566. Multiple remote denial-of-service vulnerabilities
2. A buffer-overflow vulnerability
3. A command-injection vulnerability
4. A command-injection vulnerability
5. A heap-based buffer-overflow vulnerability
6. A local buffer-overflow vulnerability
7. A local authentication-bypass vulnerability
8. A remote denial-of-service vulnerability
Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible.
These issues are being tracked by Cisco Bug IDs CSCud29566, CSCua64961, CSCuj94651, CSCtq72699, CSCto70562, CSCua86589, CSCty44804, CSCue60211, CSCue60202, CSCud81796, CSCub67693, CSCub67692, and CSCtq78849. Cisco TelePresence is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco)
| VAR-201404-0699 | No CVE | NETGEAR DGN2200 ADSL Router Web Interface HTML Injection vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
NETGEAR DGN2200 is a wireless router product from NETGEAR.
An HTML injection vulnerability exists in Netgear DGN2200, which originates from the fact that the user does not properly filter the input submitted by the program before generating dynamic content. An attacker could use this vulnerability to execute arbitrary code on a browser in the context of an affected site. Helps steal cookie-based authentication and launch further attacks. There are vulnerabilities in Netgear DGN2200 1.0.0.29_1.7.29. Other versions may also be affected
| VAR-201405-0303 | CVE-2014-2882 | Citrix NetScaler Application Delivery Controller and NetScaler Gateway Management GUI Vulnerability in |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. There are currently no details about this vulnerability. Please keep an eye on the cnnvd website or manufacturer announcements. Vulnerability title: Lack of SSL Certificate Validation in Citrix Netscaler
CVE: CVE-2014-2882
Vendor: Citrix
Product: Netscaler
Affected version: All prior to 10.1-122.17/9.3-66.5
Fixed version: 10.1-122.17/9.3-66.5
Reported by: Graham Sutherland
Details:
The remote configuration Java applet assigns an empty trust manager to
its SSL context, causing it to accept any certificate regardless of
validity.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2882/
Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.
Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information
| VAR-201405-0534 | CVE-2014-3788 | Cogent Real-Time Systems Cogent DataHub Heap Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the included Web Server. By providing a request with a crafted Content-Length field, an attacker is able to overflow a heap buffer. An attacker could leverage this to execute arbitrary code in the context of the DataHub process. Cogent DataHub is software for SCADA and automation. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to Cogent DataHub 7.3.5 are vulnerable
| VAR-201404-0564 | CVE-2014-2186 | Cisco WebEx Meetings Server of Web Cross-site request forgery vulnerability in framework |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. Vendors have confirmed this vulnerability Bug ID CSCuj81777 It is released as.A third party may be able to hijack the authentication of any user.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug IDs CSCuj81777, CSCuj81786 and CSCuj81864. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution
| VAR-201404-0288 | CVE-2014-0114 | TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.
This is a different underlying flaw. For future reference, please use
CVE-2014-0114 in regards to this issue.
Struts 1 has had its End-Of-Life announcement one year ago. In a cross
project effort, the Struts team is looking for a correction or
mitigation path though. Please stay tuned for further information
regarding a solution.
This is a cross-list posting. If you have questions regarding this
report, please direct them to security@struts.apache.org only.
[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html
--
Ren\xe9 Gielen
http://twitter.com/rgielen
. Description:
Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. (CVE-2014-0114)
Refer to the readme.txt file included with the patch files for
installation instructions. Solution:
The References section of this erratum contains a download link (you must
log in to download the update).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://advisories.mageia.org/MGASA-2014-0219.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm
8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm
fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm
3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm
b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm
96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm
37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm
8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm
b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64:
1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm
5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm
f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb
HUtc9GTxbEwte2/fTU7bJ5M=
=5Ewj
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: struts security update
Advisory ID: RHSA-2014:0474-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html
Issue date: 2014-05-07
CVE Names: CVE-2014-0114
=====================================================================
1. Summary:
Updated struts packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)
All struts users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using struts must be restarted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
6. Package List:
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386:
struts-1.2.9-4jpp.8.el5_10.i386.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm
struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
x86_64:
struts-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386:
struts-1.2.9-4jpp.8.el5_10.i386.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm
struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
ia64:
struts-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm
ppc:
struts-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm
s390x:
struts-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm
x86_64:
struts-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm
struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0114.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR
HJqJt2S278nXdfwLyGc7EJQ=
=qMuX
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Release Date: 2014-08-12
Last Updated: 2014-08-12
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP SiteScope .
References:
CVE-2014-0114 (SSRT101662)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SiteScope: v11.1x, v11.2x
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-0114 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided patches for HP SiteScope to address the vulnerability.
Download the patch from HP Software Support Online according to the table
below.
SiteScope Affected version
Resolution patch details
Link to download
11.1x
SiteScope 11.13 Windows 32-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00315
SiteScope 11.13 Windows 64-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00316
SiteScope 11.13 Linux 32-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00317
SiteScope 11.13 Linux 64-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00318
SiteScope 11.13 Solaris 32-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00319
SiteScope 11.13 Solaris 64-bit Cumulative Fixes
http://support.openview.hp.com/selfsolve/document/LID/SIS_00320
11.2x
SiteScope 11.24.271 Intermediate Patch for Windows 32bit and 64bit
http://support.openview.hp.com/selfsolve/document/LID/SIS_00321
SiteScope 11.24.271 Intermediate Patch for Windows 32bit on 64bit
http://support.openview.hp.com/selfsolve/document/LID/SIS_00322
SiteScope 11.24.271 Intermediate Patch for Linux
http://support.openview.hp.com/selfsolve/document/LID/SIS_00323
SiteScope 11.24.271 Intermediate Patch for Solaris
http://support.openview.hp.com/selfsolve/document/LID/SIS_00324
HISTORY
Version:1 (rev.1) - 12 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201607-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Commons-BeanUtils: Arbitrary code execution
Date: July 20, 2016
Bugs: #534498
ID: 201607-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Apache Commons BeanUtils does not properly suppress the class property,
which could lead to the remote execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"
References
==========
[ 1 ] CVE-2014-0114
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201405-0243 | CVE-2014-0196 | Linux Kernel of drivers/tty/n_tty.c of n_tty_write Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 6.9 CVSS V3: 5.5 Severity: MEDIUM |
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. The Linux kernel is prone to a memory-corruption vulnerability.
Local attackers can exploit this issue to execute arbitrary code in contexts of the application or corrupt the kernel memory. Failed exploit attempts can result in a denial-of-service condition.
Linux kernel 3.0 through versions 3.14.3 are vulnerable.
This BID is being retired as a duplicate of BID 67199. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability is caused by the program not properly managing the access rights of the tty driver. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security update
Advisory ID: RHSA-2014:0557-01
Product: Red Hat Enterprise MRG for RHEL-6
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0557.html
Issue date: 2014-05-27
CVE Names: CVE-2014-0100 CVE-2014-0196 CVE-2014-1737
CVE-2014-1738 CVE-2014-2672 CVE-2014-2678
CVE-2014-2706 CVE-2014-2851 CVE-2014-3122
=====================================================================
1. Summary:
Updated kernel-rt packages that fix multiple security issues are now
available for Red Hat Enterprise MRG 2.5.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64
3.
* A race condition leading to a use-after-free flaw was found in the way
the Linux kernel's TCP/IP protocol suite implementation handled the
addition of fragments to the LRU (Last-Recently Used) list under certain
conditions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system by sending a large
amount of specially crafted fragmented packets to that system.
(CVE-2014-0100, Important)
* A race condition flaw, leading to heap-based buffer overflows, was found
in the way the Linux kernel's N_TTY line discipline (LDISC) implementation
handled concurrent processing of echo output and TTY write operations
originating from user space when the underlying TTY driver was PTY.
An unprivileged, local user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-0196,
Important)
* A flaw was found in the way the Linux kernel's floppy driver handled user
space provided data in certain error code paths while processing FDRAWCMD
IOCTL commands.
(CVE-2014-1737, Important)
* It was found that the Linux kernel's floppy driver leaked internal kernel
memory addresses to user space during the processing of the FDRAWCMD IOCTL
command. A local user with write access to /dev/fdX could use this flaw to
obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)
Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.
* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)
* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)
* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)
* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)
* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Managment subsystem did not properly handle page locking in
certain cases, which could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user could use this flaw
to crash the system. (CVE-2014-3122, Moderate)
Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738. The CVE-2014-0100 issue was discovered by Nikolay
Aleksandrov of Red Hat.
Users are advised to upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct these
issues. The system must be rebooted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.
5. Bugs fixed (https://bugzilla.redhat.com/):
1070618 - CVE-2014-0100 kernel: net: inet frag code race condition leading to user-after-free
1083246 - CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()
1083274 - CVE-2014-2678 kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()
1083512 - CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
1086730 - CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption
1094299 - CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
6. Package List:
MRG Realtime for RHEL 6 Server v.2:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEMRG-RHEL6/SRPMS/kernel-rt-3.10.33-rt32.34.el6rt.src.rpm
noarch:
kernel-rt-doc-3.10.33-rt32.34.el6rt.noarch.rpm
kernel-rt-firmware-3.10.33-rt32.34.el6rt.noarch.rpm
x86_64:
kernel-rt-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debug-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-trace-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-debuginfo-3.10.33-rt32.34.el6rt.x86_64.rpm
kernel-rt-vanilla-devel-3.10.33-rt32.34.el6rt.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0100.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFThL2GXlSAg2UNWIIRAnKNAKC8L7AEZsVfN3SDIRby/ZWJeNGsfACePcvG
f8gO1I7yuxLQ1jWWp5abYcQ=
=WQJC
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
CVE-2014-1737 / CVE-2014-1738
Matthew Daley discovered that missing input sanitising in the
FDRAWCMD ioctl and an information leak could result in privilege
escalation.
CVE-2014-2851
Incorrect reference counting in the ping_init_sock() function allows
denial of service or privilege escalation.
CVE-2014-3122
Incorrect locking of memory can result in local denial of service.
For the stable distribution (wheezy), these problems have been fixed in
version 3.2.57-3+deb7u1. This update also fixes a regression in the isci
driver and suspend problems with certain AMD CPUs (introduced in the
updated kernel from the Wheezy 7.5 point release).
For the unstable distribution (sid), these problems will be fixed soon. ============================================================================
Ubuntu Security Notice USN-2197-1
May 06, 2014
linux-ec2 vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
The system could be made to crash or run programs as an administrator.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.32-363-ec2 2.6.32-363.77
After a standard system update you need to reboot your computer to make
all the necessary changes. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
3. 7):
Source:
kernel-3.10.0-123.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm
x86_64:
kernel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm
perf-3.10.0-123.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source:
kernel-3.10.0-123.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm
x86_64:
kernel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm
perf-3.10.0-123.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
kernel-doc-3.10.0-123.1.2.el7.noarch.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
noarch:
kernel-doc-3.10.0-123.1.2.el7.noarch.rpm
ppc64:
kernel-debug-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-123.1.2.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-123.1.2.el7.ppc64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm
python-perf-3.10.0-123.1.2.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.ppc64.rpm
s390x:
kernel-debug-debuginfo-3.10.0-123.1.2.el7.s390x.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-123.1.2.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-123.1.2.el7.s390x.rpm
perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm
python-perf-3.10.0-123.1.2.el7.s390x.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.s390x.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-123.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-123.1.2.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-123.1.2.el7.noarch.rpm
x86_64:
kernel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-123.1.2.el7.x86_64.rpm
kernel-devel-3.10.0-123.1.2.el7.x86_64.rpm
kernel-headers-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-123.1.2.el7.x86_64.rpm
perf-3.10.0-123.1.2.el7.x86_64.rpm
perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-123.1.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v
| VAR-201404-0530 | CVE-2014-3130 | SAP Netweaver ABAP Application Server of Basis of ABAP Help Vulnerability gained in documentation and translation tools |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. SAP BASIS is prone to a security bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and to gain unauthorized actions
| VAR-201404-0560 | CVE-2014-2182 | Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCun45520
| VAR-201404-0561 | CVE-2014-2183 | ASR 1000 Runs on the router Cisco IOS XE of L2TP Service disruption in modules (DoS) Vulnerabilities |
CVSS V2: 6.3 CVSS V3: - Severity: MEDIUM |
The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. The vulnerability is due to the failure to properly process L2TP packets. The attacker can use the vulnerability to send malformed L2TP packets to crash the service and cause a denial of service attack.
Successful exploits may allow attackers to cause a reload of the affected ESP card, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCun09973
| VAR-201404-0562 | CVE-2014-2184 | Cisco Unified Communications Manager of IP Manager Assistant Vulnerabilities that can capture important information in components |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. Vendors have confirmed this vulnerability Bug ID CSCun74352 It is released as.Skillfully crafted by a third party URL You may get important information through.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
This issue is being tracked by Cisco BugId CSCun74352. IP Manager Assistant (IPMA) is one of the PC-based network management applications, also known as network assistant, which is mainly used to simplify network configuration, deployment, and daily management and maintenance
| VAR-201404-0563 | CVE-2014-2185 | Cisco Unified Communications Manager of Call Detail Records Management Vulnerabilities that can capture important information in components |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
This issue is being tracked by Cisco BugId CSCun74374. Call Detail Records (CDR) Management is one of the call detail record management applications
| VAR-201404-0559 | CVE-2014-2180 | Cisco Unified Contact Center Express of Document Management Component upload vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
This issue is being tracked by Cisco Bug ID CSCun74133. Document Management is one of the document management applications. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to upload any to any pathname
| VAR-201404-0287 | CVE-2014-0113 | Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable
| VAR-201404-0197 | CVE-2014-0515 | Adobe Flash Player Vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. Adobe Flash Player Contains a buffer overflow vulnerability. Attacks on this vulnerability 2014 Year 4 Observed on the moon.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Flash Player: Multiple vulnerabilities
Date: May 03, 2014
Bugs: #501960, #504286, #507176, #508986
ID: 201405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Flash Player, the
worst of which could result in execution of arbitrary code.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0447-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0447.html
Issue date: 2014-04-29
CVE Names: CVE-2014-0515
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. This
vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed
in the References section.
A flaw was found in the way flash-plugin displayed certain SWF content. An
attacker could use this flaw to create a specially crafted SWF file that
would cause flash-plugin to crash or, potentially, execute arbitrary code
when the victim loaded a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.356-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.356-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.356-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.356-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.356-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.356-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.356-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.356-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.356-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.356-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0515.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTYCvjXlSAg2UNWIIRAo9cAJ9+xjq+IArfYWnElZ3eS4DDSMRNfgCfTUtG
+MNXS/YC8jqbPt7rn6VE0cA=
=5N+u
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201404-0551 | CVE-2014-0780 |
InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201709-0120 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: HIGH |
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ability to browse outside of the web root via directory traversal. A remote attacker can abuse this to download sensitive files and execute remote code under the context of the user. InduSoft Web Studio is a complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Management Control, Data Acquisition System (SCADA) and embedded control. InduSoft Web Studio is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the web server. Information harvested may aid in launching further attacks.
InduSoft Web Studio 7.1 is vulnerable; other versions may also be affected
| VAR-201404-0430 | CVE-2014-2908 |
Siemens SIMATIC S7-1200 Cross-Site Scripting Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201805-0053 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. A cross-site scripting vulnerability exists in Siemens SIMATIC S7-1200. Because some unspecified input is not properly filtered before being used, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session at the affected site. Siemens SIMATIC S7-1200 is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input before being returned to the user. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
SIMATIC S7-1200 versions 2.x and 3.x are vulnerable. Siemens SIMATIC S7-1200 is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany
| VAR-201404-0631 | CVE-2014-2601 | HP Integrated Lights-Out 2 Denial of service on existing servers (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. HP Integrated Lights-Out is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04244787
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04244787
Version: 1
HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-04-24
Last Updated: 2014-04-24
Potential Security Impact: Denial of Service. The denial
of service condition occurs only when the iLO 2 is scanned by vulnerability
assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). iLO
2 servers are not vulnerable to CVE-2014-0160.
References: CVE-2014-2601, SSRT101509
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-2601 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following firmware updates available to resolve this
vulnerability: Please note that this firmware update does not apply to
p-class blades (BL20p G4, BL25p G2, and BL45p G2). A separate firmware
release will be made available for those systems.
Online ROM Flash Component for Windows x86
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p1443420321/v96367
Online ROM Flash Component for Windows x64
ftp://ftp.hp.com/pub/softlib2/software1/sc-windows-fw-ilo/p2023401934/v96368
Linux Online Flash Component
ftp://ftp.hp.com/pub/softlib2/software1/sc-linux-fw-ilo/p1285463034/v96369
HISTORY
Version:1 (rev.1) - 24 April 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlNZIVMACgkQ4B86/C0qfVlLDgCeLGHy2eFzRdumcQvrJ2BPQ7Tv
4XkAmwamdnoBJwk4PWXXgd5MTFQ7kYCP
=XOP2
-----END PGP SIGNATURE-----
| VAR-201404-0443 | CVE-2014-2909 | Siemens SIMATIC S7-1200 CPU Device integration Web On the server CRLF Injection vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. Since some unknown input is not properly filtered before being used to display the HTTP header, the attacker can use the HTTP header of the vulnerability to send the response to the user. Siemens SIMATIC S7-1200 is prone to an HTTP-response-splitting vulnerability because it fails to properly sanitize user-supplied input.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
SIMATIC S7-1200 2.x and 3.x versions are vulnerable. Siemens SIMATIC S7-1200 is a programmable logic controller (PLC) used in small and medium-sized automation systems of Siemens, Germany
| VAR-201404-0040 | CVE-2012-3946 | Cisco IOS Interface ACL Vulnerabilities that can be bypassed |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682. Cisco IOS Has an interface ACL A vulnerability exists that circumvents the restriction. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches.
This issue allows remote attackers to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCty73682