Security Advisory - AlienVault v5.0.4 addresses 31 vulnerabilities

LBarraco

AlienVault Employee
Notice Date: June 23, 2015

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.0.3 and lower, including a vulnerability in our asset discovery scanner. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.0.4. AlienVault encourages customers to upgrade to eliminate the vulnerabilities.

See the v5.0.4 patch release notice for details on the release.



Debian Security Update

AlienVault ID: ENG-100705
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2015-3202



Debian Security Update

AlienVault ID: ENG-99389
Description: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
CVE ID: CVE-2015-0282
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I/A:N/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-99389
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2015-0294


Debian Security Update

AlienVault ID: ENG-99389
Description: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
CVE ID: CVE-2014-3466
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:M/Au:N/C/I/A/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-99389
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
CVE ID: CVE-2013-0169
CVSS v2 Base Score: 2.6
CVSS v2 Vector: (AV:N/AC:H/Au:N/C/I:N/A:N/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-99389
Description: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE ID: CVE-2014-0092
CVSS v2 Base Score: 5.8
CVSS v2 Vector: (AV:N/AC:M/Au:N/C/I/A:N/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-99389
Description: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
CVE ID: CVE-2014-1959
CVSS v2 Base Score: 5.8
CVSS v2 Vector: (AV:N/AC:M/Au:N/C/I/A:N/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100770
Description: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
CVE ID: CVE-2015-3811
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A/E:F/RL:U/RC:C)


Security Update

AlienVault ID: ENG-100807
Description: Beginning in OSSEC 2.7 (d88cf1c9), a feature called "report_changes" was added to syscheck, the daemon that monitors file changes on a system. This feature is only available on *NIX systems. Its purpose is to help determine what about a file has changed. The logic to accomplish this is as follows, which can be found in src/syscheck/seechanges.c
CVE ID: CVE-2015-3222
CVSS v2 Base Score: 3.5
CVSS v2 Vector: (AV:L/AC:H/Au:S/C/I/A/E:U/RL:W/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2011-5321


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2012-6689


Debian Security Update

AlienVault ID: ENG-100856
Description: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
CVE ID: CVE-2014-3184
CVSS v2 Base Score: 4.7
CVSS v2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE ID: CVE-2014-8159
CVSS v2 Base Score: 6.9
CVSS v2 Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE ID: CVE-2014-9683
CVSS v2 Base Score: 3.6
CVSS v2 Vector: (AV:L/AC:L/Au:N/C:N/I/A/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2014-9728


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2014-9729


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2014-9730


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2014-9731


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2014-1805


Debian Security Update

AlienVault ID: ENG-100856
Description: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
CVE ID: CVE-2015-2041
CVSS v2 Base Score: 4.6
CVSS v2 Vector: (AV:L/AC:L/Au:N/C/I/A/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
CVE ID: CVE-2015-2042
CVSS v2 Base Score: 4.6
CVSS v2 Vector: (AV:L/AC:L/Au:N/C/I/A/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
CVE ID: CVE-2015-2830
CVSS v2 Base Score: 1.9
CVSS v2 Vector: (AV:L/AC:M/Au:N/C:N/I/A:N/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE ID: CVE-2015-2922
CVSS v2 Base Score: 3.3
CVSS v2 Vector: (AV:A/AC:L/Au:N/C:N/I:N/A/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
CVE ID: CVE-2015-3339
CVSS v2 Base Score: 3.3
CVSS v2 Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)


Debian Security Update

AlienVault ID: ENG-100856
Description: This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE ID: CVE-2015-4167


Debian Security Update

AlienVault ID: ENG-100817
Description: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
CVE ID: CVE-2015-1792
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


Debian Security Update

AlienVault ID: ENG-100815
Description: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
CVE ID: CVE-2015-1790
CVSS v2 Base Score: 5.0
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


Debian Security Update

AlienVault ID: ENG-100814
Description: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
CVE ID: CVE-2015-1789
CVSS v2 Base Score: 4.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)


Debian Security Update

AlienVault ID: ENG-100812
Description: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
CVE ID: CVE-2014-8176
CVSS v2 Base Score: 7.5
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)


Debian Security Update

AlienVault ID: ENG-100816
Description: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
CVE ID: CVE-2015-1791
CVSS v2 Base Score: 6.8
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)


Debian Security Update

AlienVault ID: ENG-100708
Description: Fix race condition in NewSessionTicket. If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.
CVE ID: CVE-2015-1791
CVSS v2 Base Score: 6.8
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
