
Security Advisory - AlienVault v5.3 addresses 57 vulnerabilities

LBarraco

AlienVault Employee

Updated: August 23, 2016

Notice Date: August 2, 2016

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.2.5 and earlier. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.3. AlienVault encourages customers to upgrade all AlienVault appliances to eliminate the vulnerabilities.

See the v5.3 release notice for details on the release.


Security Update

AlienVault ID: ENG-101779
Description: Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.


Debian Security Update

AlienVault ID: ENG-103605
Description: The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE ID: CVE-2016-4537
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.
CVE ID: CVE-2016-4539
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE ID: CVE-2016-4540
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE ID: CVE-2016-4541
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE ID: CVE-2016-4542
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE ID: CVE-2016-4543
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103605
Description: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
CVE ID: CVE-2016-4544
CVSS: 6.4


Debian Security Update

AlienVault ID: ENG-103641
Description: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE ID: CVE-2016-6702
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103641
Description: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
CVE ID: CVE-2016-5300
CVSS: 7.8


Security Update

AlienVault ID: ENG-103642
Description: Attackers could obtain credentials from other users who click on the Web link. Any kind of XSS attack is possible with this issue.
CVSS: 3.2
Reported by: Joel Noguera


Security Update

AlienVault ID: ENG-103709
Description: v5.2 was vulnerable to a Non-Persistent Cross-Site Scripting vulnerability when processing user-supplied input to the "/ossim/conf/reload.php" script.
CVE ID: CVE-2016-6913
CVSS: 3.5
Reported by: Julien Ahrens


Debian Security Update

AlienVault ID: ENG-103711
Description: Fixed memory overrun bug in gdImageScaleTwoPass
CVE ID: CVE-2013-7456
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103711
Description: Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVE ID: CVE-2016-3074
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-103711
Description: The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE ID: CVE-2016-4538
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-103711
Description: get_icu_value_internal out-of-bounds read
CVE ID: CVE-2016-5093
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103711
Description: Don't create strings with lengths outside int range
CVE ID: CVE-2016-5094
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103711
Description: Don't create strings with lengths outside int range
CVE ID: CVE-2016-5095
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103711
Description: int/size_t confusion in fread
CVE ID: CVE-2016-5096
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE ID: CVE-2015-7515
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
CVE ID: CVE-2016-0821
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-103761
Description: nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c.
CVE ID: CVE-2016-1237
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
CVE ID: CVE-2016-1583
CVSS: 7.2


Debian Security Update

AlienVault ID: ENG-103761
Description: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
CVE ID: CVE-2016-2117
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-103761
Description: The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
CVE ID: CVE-2016-2143
CVSS: 6.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
CVE ID: CVE-2016-2184
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE ID: CVE-2016-2185
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE ID: CVE-2016-2186
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE ID: CVE-2016-2187
CVSS: 4.9


Debian Security Update

AlienVault ID: ENG-103761
Description: Null pointer dereference in trace_writeback_dirty_page()
CVE ID: CVE-2016-3070
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE ID: CVE-2016-3134
CVSS: 7.2


Debian Security Update

AlienVault ID: ENG-103761
Description: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
CVE ID: CVE-2016-3136
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.
CVE ID: CVE-2016-3137
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE ID: CVE-2016-3138
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE ID: CVE-2016-3140
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE ID: CVE-2016-3156
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows guest local OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
CVE ID: CVE-2016-3157
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
CVE ID: CVE-2016-3672
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
CVE ID: CVE-2016-3951
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: remote buffer overflow in usbip
CVE ID: CVE-2016-3955
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
CVE ID: CVE-2016-3961
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE ID: CVE-2016-4470
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE ID: CVE-2016-4482
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.
CVE ID: CVE-2016-4485
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE ID: CVE-2016-4486
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE ID: CVE-2016-4537
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE ID: CVE-2016-4565
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
CVE ID: CVE-2016-4569
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
CVE ID: CVE-2016-4578
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
CVE ID: CVE-2016-4581
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
CVE ID: CVE-2016-4805
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
CVE ID: CVE-2016-4913
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt
CVE ID: CVE-2016-4997
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt
CVE ID: CVE-2016-4998
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE ID: CVE-2016-5243
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103761
Description: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE ID: CVE-2016-5244
CVSS: TBD


Debian Security Update

AlienVault ID: ENG-103865
Description: User enumeration via covert timing channel
CVE ID: CVE-2016-6210
CVSS: TBD


Comments

  • The USM listens on port 40003 to communicate with its agents. This
    daemon facilitates communication with agents and allows unauthorized
    users to issue predefined commands to them by connecting to the
    AlienVault USM.

