CVE-2017-10053 Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

Vulnerability category: Local

Severity level:

Vulnerability information

IBM Tivoli Monitoring automates monitoring of essential system resources to detect bottlenecks and potential problems.

There are several vulnerabilities in IBM SDK Java Technology Edition, which is shipped as part of multiple IBM Tivoli Monitoring (ITM) components:
- An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.
- A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges.

AFFECTED PRODUCTS AND VERSIONS:
The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:
- Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7)
- Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix Pack 1 through 6.3.0 Fix Pack 7

QID Detection Logic (Authenticated)
It checks for vulnerable versions of IBM Tivoli Monitoring (ITM).

Impact

Successful exploitation allows remote attackers to take control of the system.

Solution

Vendor has released a patch to fix this vulnerability. More information can be obtained from IBM Security Bulletin.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

IBM Security Bulletin: Windows

0daybank

CVE-2014-8361 Realtek SDK Command Injection Remote Code Execution Vulnerability.

Vulnerability category: Hardware

Severity level:

Vulnerability information

Realtek provides Full Range of Connectivity, Multimedia, and Consumer Electronics Solutions.

Realtek SDK Miniigd UPnP SOAP Command Execution. Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Failed exploit attempts will result in a denial-of-service condition.

Affected Product:
rtl81xx SDK

QID Detection Logic (UN-Authenticated)
This checks for HTTP header in response received from devices.

Impact

On successful exploitation it allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK.

Solution

No solution is available at the time of entry.

Workaround:
Restrict interaction with the service to trusted machines.

CVE-2017-15429 Red Hat Update for chromium-browser (RHSA-2017:3479)

Vulnerability category: RedHat

Severity level:

Vulnerability information

Chromium is an open-source web browser, powered by WebKit (Blink).

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-15429)

Affected Products:
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386

Impact

A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:3479 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:3479: Red Hat Enterprise Linux

CVE-2017-14746 Fedora Security Update for samba (FEDORA-2017-366046c758)

Vulnerability category: Fedora

Severity level:

Vulnerability information

Fedora has released a security update for samba to fix the vulnerability.

Affected OS:
Fedora 26

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-366046c758: Fedora 26

CVE-2017-15429 Google Chrome Prior to 63.0.3239.108 UXSS Vulnerability

Vulnerability category: Local

Severity level:

Vulnerability information

Google Chrome is a web browser for multiple platforms developed by Google.

This Google Chrome update fixes the following vulnerability:
CVE-2017-15429: UXSS in V8

Affected Versions:
Google Chrome prior to 63.0.3239.108

QID Detection Logic (Authenticated)
It checks for vulnerable version of Google Chrome.

Impact

Successful exploitation of these vulnerabilities could allow a remote attacker to exploit in the browser itself or in the browser plugins.

Solution

Customers are advised to upgrade to Google Chrome 63.0.3239.108 or a later version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Google Chrome: MAC OS X

Google Chrome: Windows

CVE-2017-12356 Cisco Jabber Multiple Cross-Site Scripting Vulnerabilities

Vulnerability category: Local

Severity level:

Vulnerability information

Cisco Jabber for Windows is a unified communications client within the Cisco Jabber suite of collaboration software.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface.

Affected Software:
Cisco Jabber for Windows versions prior to 11.9(2)

QID Detection Logic (authenticated):
This QID looks for the vulnerable version of “CiscoJabber.exe”.

Impact

A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

Solution

Customers are advised to consult Cisco bug IDs CSCvf79088, CSCvf79080, CSCvf50378 and CSCvg56018 for remediation purposes.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Cisco Jabber 11.9(2) or later: Windows

CVE-2017-1000364 McAfee Web Gateway Multiple Vulnerabilities (SB10205)

Vulnerability category: CGI

Severity level:

Vulnerability information

McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targeted threat prevention to the next level.

McAfee Web Gateway uses a version of ‘glibc’ which was found vulnerable to stack guard page bypass and arbitrary code execution via LD_LIBRARY_PATH values.

Affected Versions:
McAfee Web Gateway prior to version 7.6.2.16
McAfee Web Gateway prior to version 7.7.2.4

QID Detection Logic:
This QID retrieves McAfee Web Gateway version over port 9090 and checks to see if it’s vulnerable.

Impact

An unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the system.

Solution

Please refer to McAfee Security Bulletin SB10205 for more details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SNS936

SNS937

CVE-2017-11188 SUSE Enterprise Linux Security Update for ImageMagick (SUSE-SU-2017:3388-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for imagemagick to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3388-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3388-1: SUSE Enterprise Linux

CVE-2017-11188 SUSE Enterprise Linux Security Update for ImageMagick (SUSE-SU-2017:3378-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for imagemagick to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3378-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3378-1: SUSE Enterprise Linux

CVE-2017-3737 SUSE Enterprise Linux Security Update for openssl (SUSE-SU-2017:3343-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for openssl to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3343-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3343-1: SUSE Enterprise Linux

CVE-2017-0861 Amazon Linux Security Advisory for kernel: ALAS-2017-937

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

A flaw was found in the patches used to fix the ‘dirtycow’ vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. (CVE-2017-1000405)

Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407)

A BUG in drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16647)

A BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16646)

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16645)

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16643)

The walk_hugetlb_range() function in ‘mm/pagewalk.c’ file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. (CVE-2017-16994)

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16650)

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16649)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 4.9.70-22.55.amzn1: kernel-tools, kernel-devel, kernel-headers, kernel, perf, kernel-tools-devel, kernel-tools-debuginfo, kernel-debuginfo-common-x86_64, perf-debuginfo, kernel-debuginfo, kernel-debuginfo-common-i686, kernel-doc

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-937 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-937

CVE-2017-10198 Amazon Linux Security Advisory for java-1.7.0-openjdk: ALAS-2017-936

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10346)

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10347)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2017-10357)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 1.7.0.161-2.6.12.0.75.amzn1: java-1.7.0-openjdk-devel, java-1.7.0-openjdk-src, java-1.7.0-openjdk, java-1.7.0-openjdk-debuginfo, java-1.7.0-openjdk-demo, java-1.7.0-openjdk-javadoc

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

CVE-2017-12173 Amazon Linux Security Advisory for sssd: ALAS-2017-935

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

Unsanitized input when searching in local cache database
It was found that sssd’s sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 1.15.2-50.34.amzn1: sssd-krb5, sssd-proxy, libsss_simpleifp-devel, sssd-krb5-common, libsss_idmap-devel, libsss_autofs, sssd-common-pac, libsss_nss_idmap-devel, sssd-debuginfo, python27-libipa_hbac, sssd-ad, sssd-common, python27-sss-murmur, sssd-winbind-idmap, sssd, python27-sss, sssd-libwbclient, sssd-dbus, libsss_certmap, libsss_nss_idmap, libipa_hbac-devel, libsss_certmap-devel, libsss_sudo, sssd-libwbclient-devel, python27-libsss_nss_idmap, libipa_hbac, libsss_simpleifp, sssd-ipa, sssd-client, sssd-ldap, libsss_idmap, sssd-tools, python27-sssdconfig

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-935 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-935: Amazon Linux (sssd (1.15.2-50.34.amzn1) on noarch)

ALAS-2017-935: Amazon Linux (sssd (1.15.2-50.34.amzn1) on x86_64)

ALAS-2017-935: Amazon Linux (sssd (1.15.2-50.34.amzn1) on src)

ALAS-2017-935: Amazon Linux (sssd (1.15.2-50.34.amzn1) on i686)

CVE-2017-14167 Amazon Linux Security Advisory for qemu-kvm: ALAS-2017-934

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)

Quick Emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Denial of Service (DoS). (CVE-2017-15289)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 1.5.3-141.5.amzn1: qemu-kvm-common, qemu-kvm-tools, qemu-img, qemu-kvm-debuginfo, qemu-kvm

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-934 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-934: Amazon Linux (qemu-kvm (1.5.3-141.5.amzn1) on src)

ALAS-2017-934: Amazon Linux (qemu-kvm (1.5.3-141.5.amzn1) on x86_64)

CVE-2017-14746 Amazon Linux Security Advisory for samba: ALAS-2017-933

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

Use-after-free in processing SMB1 requests
A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)

Server heap-memory disclosure
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. (CVE-2017-15275)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 4.6.2-12.37.amzn1: libwbclient, samba-winbind-modules, samba-krb5-printing, samba-devel, ctdb, samba-test-libs, samba-client, samba-debuginfo, samba-libs, samba-common-tools, samba-winbind, samba-python, samba-winbind-krb5-locator, samba-common-libs, ctdb-tests, libsmbclient, libwbclient-devel, libsmbclient-devel, samba-client-libs, samba-test, samba, samba-winbind-clients, samba-common, samba-pidl

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-933 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-933: Amazon Linux (samba (4.6.2-12.37.amzn1) on noarch)

ALAS-2017-933: Amazon Linux (samba (4.6.2-12.37.amzn1) on x86_64)

ALAS-2017-933: Amazon Linux (samba (4.6.2-12.37.amzn1) on src)

ALAS-2017-933: Amazon Linux (samba (4.6.2-12.37.amzn1) on i686)

CVE-2017-16943 Amazon Linux Security Advisory for exim: ALAS-2017-932

Vulnerability category: Amazon Linux

Severity level:

Vulnerability information

Use-after-free in receive_msg function via vectors involving BDAT commands
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. (CVE-2017-16943)

Infinite loop and stack exhaustion in receive_msg function via vectors involving BDAT commands
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a ‘.’ character signifying the end of the content, related to the bdat_getc function. (CVE-2017-16944)

QID Detection Logic:
This authenticated QID verifies if the version of the following files is lower than 4.89-4.17.amzn1: exim-debuginfo, exim, exim-greylist, exim-mysql, exim-pgsql, exim-mon

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-932 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-932: Amazon Linux (exim (4.89-4.17.amzn1) on i686)

ALAS-2017-932: Amazon Linux (exim (4.89-4.17.amzn1) on x86_64)

ALAS-2017-932: Amazon Linux (exim (4.89-4.17.amzn1) on src)

HP Synaptics Touchpad Keylogger Driver Detected

Vulnerability category: Local

Severity level:

Vulnerability information

A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. An attacker would need administrative privileges in order to take advantage of the vulnerability.

HP G4, G5 and G6 devices, EliteBook and EliteBook Folio devices, HP mt* thin clients, HP ProBook laptops, HP zBook mobile workstations, various Compaq notebooks, HP 15* and HP 17* notebooks, HP ENVY devices, and HP Pavilion and Omen devices are affected by this vulnerability.

QID Detection Logic:
This QID checks for vulnerable versions of SynTP.sys driver.

Impact

Successful exploitation allows an attacker to record and access keys typed by a user.

Solution

Customers are advised to refer to c05827409 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

c05827409

CVE-2017-1000083 SUSE Enterprise Linux Security Update for evince (SUSE-SU-2017:3428-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for evince to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3428-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3428-1: SUSE Enterprise Linux

CVE-2016-10165 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2017:3411-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for java-1_8_0-ibm to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3411-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3411-1: SUSE Enterprise Linux

CVE-2012-0233 Advantech/BroadWin WebAccess Multiple Vulnerabilities

Vulnerability category: CGI

Severity level:

Vulnerability information

Advantech/BroadWin WebAccess is a web-based application for human-machine interfaces (HMI), and supervisory control and data acquisition (SCADA).

Advantech/BroadWin WebAccess is exposed to multiple vulnerabilities that can cause cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and authentication issues.

Affected Versions:
Advantech/BroadWin WebAccess 7.0 and earlier

QID Detection Logic (unauthenticated):
The QID sends a GET /broadWeb/bwRoot.asp request to retrieve the version of Advantech/BroadWin WebAccess running on the remote target.

Impact

Successful exploitation of the vulnerabilities will lead to:
1) Cross-site scripting (XSS)
2) SQL injection
3) Cross-site request forgery (CSRF)
4) Authentication issues

Solution

Customers are advised to upgrade to the latest version of the software. Refer to the following link for further details: Advantech WebAccess

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Advantech/BroadWin WebAccess

CVE-2017-1000410 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2017:3398-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3398-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3398-1: SUSE Enterprise Linux

CVE-2017-13735 SUSE Enterprise Linux Security Update for libraw (SUSE-SU-2017:3392-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for libraw to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3392-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3392-1: SUSE Enterprise Linux

CVE-2017-15098 SUSE Enterprise Linux Security Update for postgresql96 (SUSE-SU-2017:3391-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for postgresql96 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:3391-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3391-1: SUSE Enterprise Linux

CVE-2017-12373 Cisco ASA Bleichenbacher attack on TLS Information Disclosure Vulnerability(ROBOT)

Vulnerability category: Cisco

Severity level:

Vulnerability information

A vulnerability in the TLS protocol implementation of legacy Cisco ASA devices could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange.
This vulnerability affects the listed ASA models when they are using an SSL trustpoint associated with a 2048-bit RSA key.

Impact

An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack.

Solution

More information can be obtained from cisco-sa-20171212-bleichenbacher.

Workaround:
- Enable “crypto engine large-mod-accel” in the ASA configuration. This configuration change might reduce the maximum SSL throughput by up to 50%. This workaround is not available for the ASA 5505.
or:
- Configure “ssl encryption” to only allow cipher suites based on Diffie-Hellman key exchange (like “dhe-aes128-sha1” and “dhe-aes256-sha1”). This mitigation may have an impact on interoperability with legacy clients that might not support these ciphers.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CSCvg97652: Cisco ASA

CVE-2017-14184 FortiClient VPN Credentials Information Disclosure Vulnerability (FG-IR-17-214)

Vulnerability category: Local

Severity level:

Vulnerability information

FortiClient is a comprehensive endpoint security solution.

An Information Disclosure vulnerability has been identified in FortiClient which reveals VPN credentials.

Affected Versions:
FortiClient version 5.6.0 and earlier

QID Detection Logic (authenticated):
Operating System: Windows

The QID checks if the host is vulnerable or not by checking the version of the file “FortiVPNst.exe”. The location of the file is determined via the registry key “HKLM\SOFTWARE\Fortinet\FortiClient” and value “INSTALLDIR”.

Impact

Successful exploitation of the vulnerability will allow a user to see VPN authentication credentials of other users (sharing the same workstation) due to improperly secured storage locations.

Solution

Customers are advised to refer to advisory FG-IR-17-214 to patch this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FG-IR-17-214
