Security Advisory - OSSIM v5.2.4 addresses 26 vulnerabilities

LBarraco

AlienVault Employee

Notice Date: May 19, 2016

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.2.3 and earlier. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.2.4. AlienVault encourages customers to upgrade to eliminate the vulnerabilities.

See the v5.2.4 patch release notice for details on the release.


Security Update

AlienVault ID: ENG-102641
Description: The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
CVE ID: CVE-2013-4786
Note: This vulnerability only applies to AlienVault hardware appliances


Debian Security Update

AlienVault ID: ENG-103419
Description: Memory corruption in the ASN.1 encoder
CVE ID: CVE-2016-2108
CVSS: 9.8


Debian Security Update

AlienVault ID: ENG-103419
Description: Padding oracle in AES-NI CBC MAC check
CVE ID: CVE-2016-2107
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103419
Description: EVP_EncryptUpdate overflow
CVE ID: CVE-2016-2106
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103419
Description: EVP_EncodeUpdate overflow
CVE ID: CVE-2016-2105
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-103419
Description: ASN.1 BIO excessive memory allocation
CVE ID: CVE-2016-2109
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-103419
Description: EBCDIC overread
CVE ID: CVE-2016-2176
CVSS: 8.2


Debian Security Update

AlienVault ID: ENG-103378
Description: Ignore PAM environment vars when UseLogin=yes
CVE ID: CVE-2015-8325


Debian Security Update

AlienVault ID: ENG-103396
Description: Signedness vulnerability causing heap overflow in libgd2
CVE ID: CVE-2016-3074
CVSS: 9.8


Security Update

AlienVault ID: ENG-103416
Description: The AlienVault web server carries various scripts containing multiple vulnerabilities that, when chained, allow an attacker to execute arbitrary code or commands on the target server.
Reported by: Rgod (Trend Micro's Zero Day Initiative)
ZDI ID: ZDI-CAN-3704
CVSS: 7.5


Security Update

AlienVault ID: ENG-103417
Description: It's possible to bypass web authentication in AlienVault USM.
Reported by: Rgod (Trend Micro's Zero Day Initiative)
ZDI ID: ZDI-CAN-3704
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-103348
Description: Multiple errors in DCE-RPC code
CVE ID: CVE-2015-5370
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103348
Description: Man in the middle attacks possible with NTLMSSP
CVE ID: CVE-2016-2110
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103348
Description: NETLOGON Spoofing Vulnerability
CVE ID: CVE-2016-2111
CVSS: 6.3


Debian Security Update

AlienVault ID: ENG-103348
Description: The LDAP client and server don't enforce integrity protection
CVE ID: CVE-2016-2112
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103348
Description: Missing TLS certificate validation allows man in the middle attacks
CVE ID: CVE-2016-2113
CVSS: 7.4


Debian Security Update

AlienVault ID: ENG-103348
Description: "server signing = mandatory" is not enforced
CVE ID: CVE-2016-2114
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103348
Description: SMB client connections for IPC traffic are not integrity protected
CVE ID: CVE-2016-2115
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103348
Description: The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."
CVE ID: CVE-2016-2118
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103436
Description: The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
CVE ID: CVE-2016-4008
CVSS: 5.9


Security Update

AlienVault ID: ENG-103449
Description: get_directive_kdb directive_id SQL injection remote code execution vulnerability
Reported by: Trend Micro's Zero Day Initiative
ZDI ID: ZDI-CAN-3742
CVSS: 10


Debian Security Update

AlienVault ID: ENG-103452
Description: Buffer over-write in finfo_open with malformed magic file
CVE ID: CVE-2015-8865


Debian Security Update

AlienVault ID: ENG-103452
Description: Integer overflow in php_raw_url_encode
CVE ID: CVE-2016-4070


Debian Security Update

AlienVault ID: ENG-103452
Description: Format string vulnerability in php_snmp_error()
CVE ID: CVE-2016-4071


Debian Security Update

AlienVault ID: ENG-103452
Description: Invalid memory write in phar on filename containing \0 inside name
CVE ID: CVE-2016-4072


Debian Security Update

AlienVault ID: ENG-103452
Description: Negative size parameter in memcpy
CVE ID: CVE-2016-4073
