
Security Advisory - AlienVault v5.4.2 addresses 52 Vulnerabilities

SkylarTalley, AlienVault Employee

Notice Date: September 13, 2017

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.4.1 and earlier. All of the vulnerabilities below have been confirmed and fixed in v5.4.2. AlienVault encourages customers to upgrade all AlienVault appliances to eliminate the vulnerabilities.

See the v5.4.2 release notice for details on the release.



Debian Security Update
AlienVault ID: ENG-105784 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7771 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7772 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7773 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7774 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7775 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7776 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7777 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105223 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7778 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105782 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving a malformed IPv6 packet. CVE ID: CVE-2017-7508 CVSS: USM Appliance is not affected.
Debian Security Update
AlienVault ID: ENG-105782 Description: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly a sensitive memory leak triggered by a man-in-the-middle attacker. CVE ID: CVE-2017-7520 CVSS: USM Appliance is not affected.
Debian Security Update
AlienVault ID: ENG-105782 Description: kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. CVE ID: CVE-2017-7521 CVSS: USM Appliance is not affected.
Debian Security Update
AlienVault ID: ENG-105664 Description: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. CVE ID: CVE-2017-6512 CVSS: 4.3
Debian Security Update
AlienVault ID: ENG-105848 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-3142 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105848 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-3143 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105868, ENG-105869 Description: Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. CVE ID: CVE-2017-11103 CVSS: 6.8
Debian Security Update
AlienVault ID: ENG-105884 Description: In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. CVE ID: CVE-2017-9788 CVSS: 6.4
Debian Security Update
AlienVault ID: ENG-106082 Description: Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. CVE ID: CVE-2017-6362 CVSS: Awaiting analysis
Debian Security Update
AlienVault ID: ENG-106081 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7526 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-106079 Description: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. CVE ID: CVE-2017-0663 CVSS: 6.8
Debian Security Update
AlienVault ID: ENG-106079 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7375 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-106079 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7376 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-106079 Description: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits), whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE ID: CVE-2017-9047 CVSS: 5.0
Debian Security Update
AlienVault ID: ENG-106079 Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. CVE ID: CVE-2017-9048 CVSS: 5.0
Debian Security Update
AlienVault ID: ENG-106079 Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. CVE ID: CVE-2017-9049 CVSS: 5.0
Debian Security Update
AlienVault ID: ENG-106079 Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. CVE ID: CVE-2016-9050 CVSS: 5.0
Debian Security Update
AlienVault ID: ENG-106078 Description: Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. CVE ID: CVE-2017-7555 CVSS: 7.5
Debian Security Update
AlienVault ID: ENG-106077 Description: mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. CVE ID: CVE-2017-11423 CVSS: 4.3
Debian Security Update
AlienVault ID: ENG-106077 Description: The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. CVE ID: CVE-2017-6419 CVSS: 6.8
Debian Security Update
AlienVault ID: ENG-106074 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-2885 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVE ID: CVE-2017-3635 CVSS: 0
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVE ID: CVE-2017-3636 CVSS: 4.3
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVE ID: CVE-2017-3641 CVSS: USM Appliance is not vulnerable. MySQL Server component is not installed.
Debian Security Update
AlienVault ID: ENG-106069 Description: CVE ID: CVE-2017-3648 CVSS: USM Appliance is not vulnerable. MySQL Server component is not installed.
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVE ID: CVE-2017-3651 CVSS: USM Appliance is not vulnerable. MySQL Server component is not installed.
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVE ID: CVE-2017-3652 CVSS: USM Appliance is not vulnerable. MySQL Server component is not installed.
Debian Security Update
AlienVault ID: ENG-106069 Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVE ID: CVE-2017-3653 CVSS: USM Appliance is not vulnerable. MySQL Server component is not installed.
Debian Security Update
AlienVault ID: ENG-106073 Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. CVE ID: CVE-2017-7346 CVSS: 4.9
Debian Security Update
AlienVault ID: ENG-106073 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2017-7482 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-106073 Description: Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. CVE ID: CVE-2017-7533 CVSS: 6.9
Debian Security Update
AlienVault ID: ENG-106073 Description: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. CVE ID: CVE-2017-7541 CVSS: 7.2
Debian Security Update
AlienVault ID: ENG-106073 Description: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. CVE ID: CVE-2017-7542 CVSS: 4.9
Debian Security Update
AlienVault ID: ENG-106073 Description: The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. CVE ID: CVE-2017-9605 CVSS: 4.9
Debian Security Update
AlienVault ID: ENG-106073 Description: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. CVE ID: CVE-2017-10810 CVSS: 7.8
Debian Security Update
AlienVault ID: ENG-106073 Description: The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. CVE ID: CVE-2017-10911 CVSS: 4.9
Debian Security Update
AlienVault ID: ENG-106073 Description: The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. CVE ID: CVE-2017-11176 CVSS: 10.0
Debian Security Update
AlienVault ID: ENG-106073 Description: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. CVE ID: CVE-2017-1000365 CVSS: 7.2
Debian Security Update
AlienVault ID: ENG-106073 Description: The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. CVE ID: CVE-2017-7889 CVSS: 7.2
Debian Security Update
AlienVault ID: ENG-106073 Description: The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. CVE ID: CVE-2014-9940 CVSS: 7.6
Debian Security Update
AlienVault ID: ENG-106073 Description: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. CVE ID: CVE-2017-1000363 CVSS: 7.2
Debian Security Update
AlienVault ID: ENG-106056 Description: RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE ID: CVE-2016-9063 CVSS: Reserved
Debian Security Update
AlienVault ID: ENG-105791 Description: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVE ID: CVE-2017-9233 CVSS: 5.0
Debian Security Update
AlienVault ID: ENG-106080 Description: Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. CVE ID: CVE-2017-0379 CVSS: 5.0