VARIoT IoT vulnerabilities database
| VAR-201402-0568 | No CVE | Netsynt CRD Voice Router Telnet CLI Default Administrator Password Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Netsynt CRD is a voice router. The Netsynt CRD Voice Router dims the default user credentials, and the Telnet CLI has a 'netsynt' password that allows remote attackers to gain privileged access to the device.
| VAR-201402-0564 | No CVE | Multiple vulnerabilities in multiple ASUS routers |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
ASUS is one of the world's leading providers of 3C solutions, dedicated to providing the most innovative products and applications to individuals and businesses. ASUS multiple router products have security vulnerabilities: 1. A reflective cross-site scripting vulnerability exists on the router error page, allowing an attacker to build a malicious URI, enticing a user to resolve, gaining sensitive information or hijacking a user session. 2, http://192.168.1.1/error_page.htm The error page contains the current administrator password information, allowing the attacker to view the source code to obtain the password information.
An attacker could leverage these issues to gain unauthorized access to the affected device, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device
| VAR-201402-0405 | CVE-2014-1266 | plural Apple of the product Data Security of the component Secure Transport in function SSL Server spoofing vulnerability |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Apple iOS and TV are prone to a security-bypass vulnerability because it fails to properly validate connections.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. There is a security vulnerability in the 'SSLVerifySignedServerKeyExchange' function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport function of the Data Security component in Apple iOS. An attacker in a privileged network position could potentially capture or modify data in an SSL/TLS-protected session. The following versions are affected: Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, Apple OS X 10.9.x prior to 10.9.2 Version. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-02-21-2 iOS 7.0.6
iOS 7.0.6 is now available and addresses the following:
Data Security
Available for: iPhone 4 and later, iPod touch (5th generation),
iPad 2 and later
Impact: An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.0.6".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTBpN9AAoJEPefwLHPlZEwFpYP/2Ac20hocp3/xWv08EFmpZpl
T52aoGMpJxZFRh307mS76jNXDZ2KodcBboESKbYE8PxMK9DkAtqEbSQjMa9cUK3+
3iUhqNnFm7YrG8+8JVoZ58Jxiq9zEmKGVEf+s4o1F1ORJPAQRDROiC5MBru1UOAb
/sXZeX1Awr81RJeu4f8A9Qddu6AEICr2sYRlWQA8wa24Y2qswrOvqvFRSK4WnB8L
6sqe6JL0C59GhjRh11WsObMQN+vbBcVty7q4e0WfuLNt0LP8yZBC2XruAx0Q2v1k
t5JA6keq7zwAzE+zO4qjYXGTVePyPe7vJx00ndjvTjAI7iXrcRgNxUuH5BAj7O7h
agzSWNKvaUYynJd2oiv5onN7kh+3UbexiXIKOc5ZgOpVk7fgLCnN9UcPuxpGjF5u
RODQM5LtAYEdmzs4Ws711Gu+k0OT3QTWXWu9/k6Yp2DKwCjDp9gzM/EhT5T7PqCL
KM8gnGOiTJh0vUmdI94huF987heNBzoRId/wdip/e2iXKTGB3Z8AipmDi72v63FB
seh7rZWOgxZ+9YSCyXFl4FfcZDBSEhERzw2C8OXP2iXBzspM3LsqlqBbbyTB/bRm
lOSrP8nxkf0Fw8ehqs52wxfjenk2hvnkHddE4HU3DuvoK4M9hZ98sLppHxoxw7Lp
aMn7lqBBT+6V5+uaVkA8
=klGW
-----END PGP SIGNATURE-----
| VAR-201402-0348 | CVE-2014-0758 | Iconics GENESIS32 ActiveX Control Remote code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. GENESIS32 is a new generation of industrial control software developed by ICONICS. Iconics GENESIS32 is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions.
GENESIS32 versions 8.0, 8.02, 8.04 and 8.05 are vulnerable
| VAR-201402-0219 | CVE-2014-0737 | Cisco Unified IP Phone 7960G CTL Trust Chain Enforcement Security Bypass Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. The Cisco Unified IP Phones 7960G is an IP telephony device developed by Cisco. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCuj66795
| VAR-201402-0220 | CVE-2014-0738 | Cisco Adaptive Security Appliance Software Phone Proxy Vulnerabilities that bypass authentication in components |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.
Successfully exploiting this issue will allow an attacker to perform certain unauthorized actions. This may lead to other attacks.
This issue is being tracked by Cisco Bug ID CSCuj66770
| VAR-201402-0221 | CVE-2014-0739 | Cisco Adaptive Security Appliance Software Phone Proxy In the component sec_db Vulnerability that bypasses authentication |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766. Cisco Adaptive Security Appliance (ASA) is prone to a security-bypass vulnerability.
Successfully exploiting this issue will allow attackers to bypass security restrictions and pass traffic from an untrusted phone through the ASA.
This issue is tracked by Cisco Bug ID's CSCuj66766
| VAR-201402-0539 | No CVE | D-Link DIR-615 Wireless N300 Routing Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
D-Link DIR-615 The Wireless N300 has cross-site request forgery, allowing remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations, such as operating device data, in the context of the target user. D-Link DIR-615 Wireless N300 is a wireless router product from D-Link.
A cross-site request forgery vulnerability exists in the D-Link DIR-615 Wireless N300 router running firmware version 5.10. A remote attacker could use this vulnerability to perform unauthorized operations. D-Link DIR-615 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks
| VAR-201402-0250 | CVE-2014-0499 | Adobe Flash Player and Adobe AIR In ASLR Vulnerabilities that circumvent protection mechanisms |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
Attackers can exploit this issue to obtain sensitive information. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. A remote attacker can exploit this vulnerability to bypass the ASLR protection mechanism.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file using Adobe Flash Player, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of
Service condition. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0196-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html
Issue date: 2014-02-21
CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB14-07,
listed in the References section. Specially-crafted SWF content could
cause flash-plugin to crash or, potentially, execute arbitrary code when a
victim loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1067656 - CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0498.html
https://www.redhat.com/security/data/cve/CVE-2014-0499.html
https://www.redhat.com/security/data/cve/CVE-2014-0502.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-07.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe
MX7b/r4AbJFfCjm9BexmJdw=
=X9yY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201402-0253 | CVE-2014-0502 | Adobe Flash Player and Adobe AIR Memory double free vulnerability |
CVSS V2: 10.0 CVSS V3: 8.8 Severity: HIGH |
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. Attacks on this vulnerability 2014 Year 2 Observed on the moon.A third party may execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. Adobe AIR is a technology developed for the combination of network and desktop applications, which can control cloud programs on the network without going through a browser.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted SWF
file using Adobe Flash Player, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of
Service condition. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0196-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html
Issue date: 2014-02-21
CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB14-07,
listed in the References section. Specially-crafted SWF content could
cause flash-plugin to crash or, potentially, execute arbitrary code when a
victim loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0498.html
https://www.redhat.com/security/data/cve/CVE-2014-0499.html
https://www.redhat.com/security/data/cve/CVE-2014-0502.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-07.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe
MX7b/r4AbJFfCjm9BexmJdw=
=X9yY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201402-0249 | CVE-2014-0498 | Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely result in denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass
the Same Origin Policy or read the clipboard via unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.356"
References
==========
[ 1 ] CVE-2014-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0498
[ 2 ] CVE-2014-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0499
[ 3 ] CVE-2014-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0502
[ 4 ] CVE-2014-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503
[ 5 ] CVE-2014-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504
[ 6 ] CVE-2014-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0506
[ 7 ] CVE-2014-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507
[ 8 ] CVE-2014-0508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508
[ 9 ] CVE-2014-0509
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509
[ 10 ] CVE-2014-0515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2014:0196-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0196.html
Issue date: 2014-02-21
CVE Names: CVE-2014-0498 CVE-2014-0499 CVE-2014-0502
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes three security issues is
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB14-07,
listed in the References section. Specially-crafted SWF content could
cause flash-plugin to crash or, potentially, execute arbitrary code when a
victim loads a page containing the malicious SWF content. (CVE-2014-0498,
CVE-2014-0499, CVE-2014-0502)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.341.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1067656 - CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 flash-plugin: multiple flaws lead to arbitrary code execution (APSB14-07)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.341-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.341-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.341-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.341-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-0498.html
https://www.redhat.com/security/data/cve/CVE-2014-0499.html
https://www.redhat.com/security/data/cve/CVE-2014-0502.html
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb14-07.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTByEnXlSAg2UNWIIRAi1rAKCBxwErUI32sTpMx0NosGcAjO+YSQCfZzHe
MX7b/r4AbJFfCjm9BexmJdw=
=X9yY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201402-0508 | No CVE | Linksys WRT120N 'fprintf()' Function Remote Stack Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Cisco Linksys WRT120N is a wireless router product from Cisco (USA).
A remote stack-based buffer overflow vulnerability exists in the Cisco Linksys WRT120N. The vulnerability stems from the program's incorrect boundary check of user-supplied input, causing the program to copy data beyond the allocated memory buffer space. An attacker could use this vulnerability to execute arbitrary code in the context of an affected program or cause a denial of service. There are vulnerabilities in Linksys WRT120N running firmware version 1.0.07, other versions may also be affected. Failed exploit attempts will result in denial-of-service conditions
| VAR-201402-0194 | CVE-2014-0709 | Cisco UCS Director Vulnerabilities that gain management access |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930. Cisco Unified Computing System Director is prone to a security-bypass vulnerability.
Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges.
This issue is tracked by Cisco Bug ID CSCui73930. Cisco UCS Director (formerly known as Cisco Cloupia) is a set of converged infrastructure management solutions from Cisco. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. The vulnerability is caused by the program using the default root account
| VAR-201402-0195 | CVE-2014-0710 | Cisco Firewall Services Module Software Cut-Through Service operation interruption in proxy function (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824. ( Device reload ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCuj16824 It is released as.Denial of service by a third party through specific matching traffic ( Device reload ) There is a possibility of being put into a state.
An attacker can exploit this issue to cause a vulnerable device to reload, triggering a denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCuj16824
| VAR-201402-0196 | CVE-2014-0718 | Cisco IPS Software produce-verbose-alert Service disruption in functionality (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266. Cisco IPS Software is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the Analysis Engine process to become unresponsive, which leads to denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCui91266. The software protects against malware, worms, viruses, and more
| VAR-201402-0197 | CVE-2014-0719 | Cisco IPS Denial of service in the implementation of software control plane access lists (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. Cisco IPS Software is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the MainApp process to become unresponsive, which leads to denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCui67394. The software protects against malware, worms, viruses, and more
| VAR-201402-0198 | CVE-2014-0720 | Cisco IPS Service disruption in software (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.
Attackers can exploit this issue to cause the Analysis Engine process to become unresponsive, which leads to denial-of-service conditions.
This issue is being tracked by Cisco Bug ID CSCuh94944. The software protects against malware, worms, viruses, and more
| VAR-201402-0199 | CVE-2014-0721 | Cisco Unified SIP Phone 3905 In the firmware root Vulnerability for which access rights are acquired |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.
An attacker can exploit this issue to gain unauthorized root-level access to an affected device. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuh75574
| VAR-201411-0042 | CVE-2014-2037 | Openswan IKEv2 Payloads Incomplete Fix Remote Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability.
Openswan 2.6.40 and prior are vulnerable
| VAR-201402-0242 | CVE-2014-1966 | RuggedCom Rugged Operating System SMTP Protocol Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets. RuggedCom Inc is the world's leading manufacturer of high performance networking and communications equipment for industrial environments. RuggedCom Rugged Operating System is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the management services of the devices to become unresponsive resulting in denial-of-service conditions. Siemens RuggedCom ROS is a set of operating system used in RuggedCom series switches by Siemens of Germany. A resource management error vulnerability exists in the SNMP implementation in Siemens RuggedCom ROS. The following versions are affected: Siemens RuggedCom ROS 3.10.1 and prior, ROS 3.11 for RS950G, ROS 3.12 prior to 3.12.4, ROS 4.0 for RSG2488