
Security Advisory - AlienVault v5.3.5 addresses 18 vulnerabilities

LBarraco

AlienVault Employee

Updated: March 17, 2017

Notice Date: January 24, 2016

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.3.4 and earlier. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.3.5. AlienVault encourages customers to upgrade all AlienVault appliances to eliminate the vulnerabilities.

See the v5.3.5 release notice for details on the release.


Debian Security Update

AlienVault ID: ENG-104037
Description: os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
CVE ID: CVE-2016-6153
CVSS: 5.9


Debian Security Update

AlienVault ID: ENG-104719
Description: PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
CVE ID: CVE-2016-9138
CVSS: 9.8


Debian Security Update

AlienVault ID: ENG-104719
Description: Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
CVE ID: CVE-2016-9933
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104719
Description: ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
CVE ID: CVE-2016-9934
CVSS: 7.5


Debian Security Update

AlienVault ID: ENG-104722
Description: TBD - Reserved
CVE ID: CVE-2016-1252
CVSS: TBD - Reserved


Debian Security Update

AlienVault ID: ENG-104789
Description: The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
CVE ID: CVE-2016-9935
CVSS: 9.8


Debian Security Update

AlienVault ID: ENG-104805
Description: libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
CVE ID: CVE-2016-2119
CVSS: 6.8


Debian Security Update

AlienVault ID: ENG-104805
Description: Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability.
CVE ID: CVE-2016-2123
CVSS: TBD - Reserved


Debian Security Update

AlienVault ID: ENG-104805
Description: Unconditional privilege delegation to Kerberos servers in trusted realms.
CVE ID: CVE-2016-2125
CVSS: TBD - Reserved


Debian Security Update

AlienVault ID: ENG-104805
Description: Flaws in Kerberos PAC validation can trigger privilege elevation.
CVE ID: CVE-2016-2126
CVSS: TBD - Reserved


AlienVault Security Update

AlienVault ID: ENG-104862
Description: An external attacker could open a reverse shell using a PHP session ID and the current PHP code in nfsen.
CVSS: 7.4
CVE: CVE-2017-6971
Reported by: Foregenix Ltd / Paul Taylor


AlienVault Security Update

AlienVault ID: ENG-104863
Description: Privilege escalation using an nfsen socket.
CVSS: 6.0
CVE: CVE-2017-6970
Reported by: Foregenix Ltd / Paul Taylor


AlienVault Security Update

AlienVault ID: ENG-104869
Description: Vulnerable version of Nfdump
ZDI ID: ZDI-CAN-4416
CVSS: 10


Debian Security Update

AlienVault ID: ENG-104887
Description: libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVE ID: CVE-2016-4658
CVSS: 10


Debian Security Update

AlienVault ID: ENG-104887
Description: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
CVE ID: CVE-2016-5131
CVSS: 9.8


Debian Security Update

AlienVault ID: ENG-104888
Description: cookie headers and other client-specific private information leak
CVE ID: CVE-2016-10002
CVSS: TBD - Reserved


Debian Security Update

AlienVault ID: ENG-104891
Description: Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
CVE ID: CVE-2016-9933
CVSS: 5.0


Debian Security Update

AlienVault ID: ENG-104898
Description: An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
CVE ID: CVE-2016-9877
CVSS: 9.8
