
Security Advisory - AlienVault 5.3.2 addresses 70 vulnerabilities

LBarraco

AlienVault Employee
Updated: November 3, 2016

Notice Date: October 3, 2016

Several vulnerabilities were discovered in the underlying OS packages of AlienVault USM and OSSIM v5.3.1 and earlier. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.3.2. AlienVault encourages customers to upgrade all AlienVault appliances to eliminate these vulnerabilities.

See the v5.3.2 release notice for details on the release.



AlienVault Security Update

AlienVault ID: ENG-103100
Description: An attacker that can coerce an authenticated user to upload a malicious NBE file can execute arbitrary JavaScript within the context of that user’s session. This is possible due to inconsistent management of temporary files, predictable filenames in the web root and failure to set a Content-Type header, allowing the browser to determine the document type.
CVSS: 1.5
Reported by: Denis Andzakovic


AlienVault Security Update

AlienVault ID: ENG-103441
Description: A CSRF attack consists of an attacker providing a malicious link to a valid application user. If a user is tricked into clicking the link, the user will carry out the action specified by the attacker if logged into the application.
CVSS: 1.8


AlienVault Security Update

AlienVault ID: ENG-103442
Description: During testing, the AlienVault application responded to a few requests with a high latency. By repeatedly performing these requests, the application will stop responding to any requests.
CVSS: 2.7


AlienVault Security Update

AlienVault ID: ENG-103880
Description: A user can modify requests to forge permissions and then delete alarms.


AlienVault Security Update

AlienVault ID: ENG-103928
Description: The URL in the vulnerability scan scheduler is vulnerable to reflected XSS in multiple parameters, including jobname, timeout, sched_id, and targets.
CVSS: 3.5
CVE: CVE-2016-8583
Reported by: Peter Lapp


AlienVault Security Update

AlienVault ID: ENG-103929
Description: There's an XSS vulnerability in the User-Agent header of the login process. It's possible to inject a script that then gets executed when mousing over the User-Agent field in Settings -> Current Sessions.
CVSS: 3.5
CVE: CVE-2016-8581
Reported by: Peter Lapp


AlienVault Security Update

AlienVault ID: ENG-103930
Description: SQL injection vulnerability in the value parameter of /ossim/dashboard/sections/widgets/data/gauge.php on line 231. By sending a serialized array with a SQL query in the type field, it's possible to execute an arbitrary SQL query.
CVSS: 5.5
CVE: CVE-2016-8582
Reported by: Peter Lapp


AlienVault Security Update

AlienVault ID: ENG-103931
Description: There's a PHP object injection vulnerability in multiple widget files. These widgets are passed through serialize/unserialize functions when dashboard widgets are edited.
CVSS: 6.5
CVE: CVE-2016-8580
Reported by: Peter Lapp


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
CVE ID: CVE-2016-6504
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
CVE ID: CVE-2016-6505
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE ID: CVE-2016-6506
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE ID: CVE-2016-6507
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
CVE ID: CVE-2016-6508
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE ID: CVE-2016-6509
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
CVE ID: CVE-2016-6510
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103988
Description: epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
CVE ID: CVE-2016-6511
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-103994
Description: Possible mis-evaluation of nested CASE-WHEN expressions.
CVE ID: CVE-2016-5423
CVSS: Reserved


Debian Security Update

AlienVault ID: ENG-103994
Description: Client programs mishandle special characters in database and role names.
CVE ID: CVE-2016-5424
CVSS: Reserved


Debian Security Update

AlienVault ID: ENG-103995
Description: libgcrypt: PRNG output is predictable.
CVE ID: CVE-2016-6313
CVSS: Reserved


AlienVault Security Update

AlienVault ID: ENG-103996
Description: fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
CVE ID: CVE-2016-5384
CVSS: 4.6


AlienVault Security Update

AlienVault ID: ENG-103997
Description: Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
CVE ID: CVE-2014-9906
CVSS: 10


AlienVault Security Update

AlienVault ID: ENG-103997
Description: Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
CVE ID: CVE-2015-8949
CVSS: 10


Debian Security Update

AlienVault ID: ENG-103998
Description: Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE ID: CVE-2016-5421
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-103998
Description: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE ID: CVE-2016-5419
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-103998
Description: curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVE ID: CVE-2016-5420
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104000
Description: libgcrypt: PRNG output is predictable.
CVE ID: CVE-2016-6313
CVSS: Reserved


Debian Security Update

AlienVault ID: ENG-104006
Description: linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE ID: CVE-2013-7458
CVSS: 2.1


Debian Security Update

AlienVault ID: ENG-104013
Description: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
CVE ID: CVE-2016-4971
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-104040
Description: bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE ID: CVE-2015-8916
CVSS: 6.5


Debian Security Update

AlienVault ID: ENG-104040
Description: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVE ID: CVE-2015-8917
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
CVE ID: CVE-2015-8919
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CVE ID: CVE-2015-8920
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE ID: CVE-2015-8921
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
CVE ID: CVE-2015-8922
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE ID: CVE-2015-8923
CVSS: 6.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVE ID: CVE-2015-8924
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE ID: CVE-2015-8925
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE ID: CVE-2015-8926
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE ID: CVE-2015-8928
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE ID: CVE-2015-8930
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
CVE ID: CVE-2015-8931
CVSS: 7.8


Debian Security Update

AlienVault ID: ENG-104040
Description: The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE ID: CVE-2015-8932
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: Undefined behaviour (signed integer overflow) in archive_read_format_tar_skip().
CVE ID: CVE-2015-8933
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: Out-of-bounds heap read in the RAR parser.
CVE ID: CVE-2015-8934
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104040
Description: 7-Zip read_SubStreamsInfo integer overflow.
CVE ID: CVE-2016-4300
CVSS: 7.8


Debian Security Update

AlienVault ID: ENG-104040
Description: Libarchive RAR RestartModel heap overflow.
CVE ID: CVE-2016-4302
CVSS: 7.8


Debian Security Update

AlienVault ID: ENG-104040
Description: Libarchive RAR RestartModel heap overflow.
CVE ID: CVE-2016-4809
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104040
Description: Undefined behaviour (integer overflow) in the ISO parser.
CVE ID: CVE-2016-5844
CVSS: 6.5


AlienVault Security Update

AlienVault ID: ENG-104047
Description: Command injection allowed in the backup password.
CVSS: 4.1
Reported by: Sam Norbury


Debian Security Update

AlienVault ID: ENG-104071
Description: Out-of-bounds read when reading one zero byte as input.
CVE ID: CVE-2015-8948
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104071
Description: Out-of-bounds stack read in idna_to_ascii_4i.
CVE ID: CVE-2016-6261
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104071
Description: stringprep_utf8_nfkc_normalize accepts invalid UTF-8 input (fixed to reject it).
CVE ID: CVE-2016-6263
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104085
Description: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE ID: CVE-2016-4470
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104085
Description: net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.
CVE ID: CVE-2016-5696
CVSS: 4.8


Debian Security Update

AlienVault ID: ENG-104085
Description: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
CVE ID: CVE-2016-5829
CVSS: 7.8


Debian Security Update

AlienVault ID: ENG-104085
Description: Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.
CVE ID: CVE-2016-6136
CVSS: 4.7


Debian Security Update

AlienVault ID: ENG-104085
Description: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE ID: CVE-2016-6480
CVSS: 5.1


Debian Security Update

AlienVault ID: ENG-104085
Description: Linux tcp_xmit_retransmit_queue use-after-free.
CVE ID: CVE-2016-6828
CVSS: Reserved


Debian Security Update

AlienVault ID: ENG-104085
Description: fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
CVE ID: CVE-2016-7118
CVSS: 5.5


Debian Security Update

AlienVault ID: ENG-104172
Description: The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
CVE ID: CVE-2016-3857
CVSS: 7.8


Debian Security Update

AlienVault ID: ENG-104193
Description: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
CVE ID: CVE-2016-2177
CVSS: 4.3


Debian Security Update

AlienVault ID: ENG-104193
Description: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
CVE ID: CVE-2016-2178
CVSS: 2.1


Debian Security Update

AlienVault ID: ENG-104193
Description: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
CVE ID: CVE-2016-2179
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104193
Description: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
CVE ID: CVE-2016-2180
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104193
Description: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
CVE ID: CVE-2016-2181
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104193
Description: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE ID: CVE-2016-2182
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104193
Description: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
CVE ID: CVE-2016-6302
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104193
Description: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
CVE ID: CVE-2016-6303
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104193
Description: OCSP Status Request extension unbounded memory growth.
CVE ID: CVE-2016-6304
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104193
Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE ID: CVE-2016-6306
CVSS: 5.9
