AlienVault v5.0.1 addresses twenty-two (22) vulnerabilities

LBarraco

AlienVault Employee
Updated: October 23, 2015

Several vulnerabilities were discovered in the underlying OS packages in AlienVault v5.0 and lower, including a vulnerability in our asset discovery scanner. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.0.1. AlienVault encourages customers to upgrade to v5.0.1 to eliminate the vulnerabilities.

See the v5.0.1 patch release notice for details on the release.



Asset Discovery Scanner Vulnerability

AlienVault ID: ENG-99866
Description: A vulnerability in the asset discovery scanner makes it possible to escalate privileges, so that any command inserted into the os.execute method is launched as root.
CVSS v2 Base Score: 3.4
CVSS v2 Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)
Attribution: Vincent Hautot at Sysdream


Asset Discovery Scanner Vulnerability

AlienVault ID: ENG-99865
Description: Vulnerability in the asset discovery scanner makes it possible to execute a command remotely to run an asset discovery scan.
CVSS v2 Base Score: 6.5
CVSS v2 Vector: (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Attribution: Vincent Hautot at Sysdream


NBE Import Vulnerability

AlienVault ID: ENG-98424
Description: Several vulnerabilities were discovered in the NBE import page, including reflected and stored XSS in the hostname/IP portion of the NBE import.
CVSS v2 Base Score: 1.4
CVSS v2 Vector: (AV:L/AC:M/Au:S/C:N/I/A:N/E:POC/RL:U/RC:ND)
Attribution: Peter Lapp from Morpho Trust USA


NBE Import Vulnerability

AlienVault ID: ENG-98424
Description: Several vulnerabilities were discovered in the NBE import page, including SQL injection (blind and non-blind) and command injection in the hostname/IP portion of the NBE.
CVSS v2 Base Score: 4.4
CVSS v2 Vector: (AV:N/AC:M/Au:S/C/I/A:N/E:POC/RL:U/RC:ND)
Attribution: Peter Lapp from Morpho Trust USA


Debian Security Update

AlienVault ID: ENG-99922
Description: readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
CVE ID: CVE-2014-9653
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99920
Description: Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
CVE ID: CVE-2013-7439
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99918
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
CVE ID: CVE-2015-1799
CVSS v2 Base Score: 4.3
CVSS v2 Vector: (AV:A/AC:M/Au:N/C:N/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99919
Description: Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.
CVE ID: CVE-2015-2806
CVSS v2 Base Score: 10.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C/CDP:LM/TD:L/CR:M/IR:M/AR:M)


Debian Security Update

AlienVault ID: ENG-99917
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
CVE ID: CVE-2015-1798
CVSS v2 Base Score: 1.8
CVSS v2 Vector: (AV:A/AC:H/Au:N/C:N/I/A:N/E:POC/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:L/AR:ND)


Debian Security Update

AlienVault ID: ENG-99915
Description: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
CVE ID: CVE-2014-9709
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Debian Security Update

AlienVault ID: ENG-99914
Description: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
CVE ID: CVE-2014-2497
CVSS v2 Base Score: 4.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Debian Security Update

AlienVault ID: ENG-99911
Description: The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
CVE ID: CVE-2014-8738
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Debian Security Update

AlienVault ID: ENG-99910
Description: Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
CVE ID: CVE-2014-8737
CVSS v2 Base Score: 3.6
CVSS v2 Vector: (AV:L/AC:L/Au:N/C:N/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99909
Description: Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
CVE ID: CVE-2014-8504
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99907
Description: Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
CVE ID: CVE-2014-8503
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99906
Description: Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
CVE ID: CVE-2014-8502
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99904
Description: The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
CVE ID: CVE-2014-8501
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-999000
Description: The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
CVE ID: CVE-2014-8485
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C/I/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:L/IR:L/AR:L)


Debian Security Update

AlienVault ID: ENG-99899
Description:
CVE ID: CVE-2014-8484
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Debian Security Update

AlienVault ID: ENG-99881
Description: Side-channel attack on ElGamal
CVE ID: CVE-2014-3591


Debian Security Update

AlienVault ID: ENG-98555
Description: Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
CVE ID: CVE-2015-0564
CVSS v2 Base Score: 0.9
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:POC/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Debian Security Update

AlienVault ID: ENG-98554
Description: Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
CVE ID: CVE-2015-0562
CVSS v2 Base Score: 1.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:F/RL:OF/RC:C/CDP:L/TD:L/CR:ND/IR:ND/AR:L)


Security Update

AlienVault ID: ENG-101034
Description: AlienVault Unified Security Management av-forward Deserialization of Untrusted Data Remote Code Execution Vulnerability
ZDI ID: ZDI-CAN-3020
Reported by: HP's Zero Day Initiative
