Tenable Log Correlation Engine: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0087
       LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities
                             8 September 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Log Correlation Engine
Operating System:     Red Hat
                      CentOS
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Access Privileged Data          -- Remote/Unauthenticated      
                      Denial of Service               -- Remote/Unauthenticated      
                      Cross-site Scripting            -- Remote with User Interaction
                      Unauthorised Access             -- Remote/Unauthenticated      
                      Reduced Security                -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-5421 CVE-2016-5419 CVE-2016-4483
                      CVE-2016-4449 CVE-2016-4448 CVE-2016-4447
                      CVE-2016-3705 CVE-2016-3627 CVE-2016-3191
                      CVE-2016-2109 CVE-2016-2108 CVE-2016-2107
                      CVE-2016-2106 CVE-2016-2105 CVE-2016-1839
                      CVE-2016-1838 CVE-2016-1837 CVE-2016-1836
                      CVE-2016-1835 CVE-2016-1834 CVE-2016-1833
                      CVE-2016-1695 CVE-2016-1283 
Member content until: Saturday, October  8 2016
Reference:            ASB-2016.0080
                      ASB-2016.0074
                      ASB-2016.0057
                      ESB-2016.1398
                      ESB-2016.1076

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable Log 
        Correlation Engine prior to version 4.8.1. [1]


IMPACT

        The vendor has provided the following information:
        
        "The following vulnerabilities have been resolved with the updated 
        libraries. Note that several of these issues do not have a CVE 
        assigned.
        
        OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 
        Strings Handling Out-of-bounds Read Memory Disclosure
        
        OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory 
        Corruption
        
        OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information 
        Disclosure
        
        OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer
        Overflow Weakness
        
        OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap 
        Buffer Overflow Weakness
        
        OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling 
        Memory Exhaustion Remote DoS
        
        Perl-Compatible Regular Expressions (PCRE) pcre_compile.c (*ACCEPT)
        Verb Handling Buffer Overflow
        
        Perl-Compatible Regular Expressions (PCRE) pcretest.c pchars() 
        Function Out-of-bounds Read Weakness
        
        Perl-Compatible Regular Expressions (PCRE) pcre_compile.c 
        compile_branch() Function Invalid Pattern Fragment Handling Stack 
        Corruption
        
        Perl-Compatible Regular Expressions (PCRE) pcretest.c Out-of-bounds
        Read Weakness
        
        Perl-Compatible Regular Expressions (PCRE) pcre_compile.c 
        pcre_compile2() Function Duplicate Named Group Nested Back Reference
        Handling Heap Buffer Overflow
        
        Libxml2 parser.c xmlParseElementDecl() / 
        xmlParseConditionalSections() Functions Out-of-bounds Read Issue
        
        Libxml2 Multiple Functionality Format Strings
        
        Libxml2 HTMLparser.c htmlParseNameComplex() Function HTML File 
        Encoding Detection Failure
        
        Libxml2 parser.c xmlStringLenDecodeEntities() Function Unspecified 
        XML External Entity (XXE) Injection Issue
        
        Libxml2 xmlregexp.c xmlFAParseCharRange() Function Heap Buffer 
        Overflow
        
        Libxml2 parser.c xmlParseStartTag2() Function Heap Use-after-free
        
        Libxml2 parser.c xmlParseNCNameComplex() Function Heap 
        Use-after-free
        
        Libxml2 xmlstring.c xmlStrncatNew() Function Heap Buffer Overflow
        
        Libxml2 HTMLparser.c htmlParseSystemLiteral() / 
        htmlParsePubidLiteral() Functions Heap Buffer Overflow
        
        Libxml2 xmlsave.c xmlBufAttrSerializeTxtContent() Function Recover 
        Mode XML Content Handling Out-of-bounds Read Issue
        
        Libxml2 parser.c Multiple Function Recursive 
        xmlStringDecodeEntities() Call Handling Stack Overflow DoS
        
        Libxml2 uri.c xmlParse3986Port() Function Port Argument Handling 
        Integer Overflow Unspecified Issue
        
        Libxml2 HTMLparser.c htmlParseName() / htmlParseNameComplex() 
        Functions Out-of-bounds Read Issue
        
        Libxml2 parser.c xmlParserEntityCheck() Function Recovery Mode XML 
        Content Parsing Recursion DoS
        
        Libxml2 parser.c xmlParseEndTag2() Function Out-of-bounds Read Issue
        
        Libxml2 parserInternals.c xmlNextChar() Function Out-of-bounds Read
        Issue
        
        cURL / libcurl lib/multi.c close_all_connections() Function Easy 
        Handle Handling Use-after-free Issue
        
        cURL / libcurl lib/vtls/vtls.c TLS Session Resumption Client 
        Certificate Validation Bypass
        
        jQuery Core ajax/script.js Third-party Text Handling XSS" [1]


MITIGATION

        The vendor recommends updating to the latest version. [1]


REFERENCES

        [1] [R1] LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities
            http://www.tenable.com/security/tns-2016-14

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV9C0Y4x+lLeg9Ub1AQin0Q/+Pg376eG43Ux7liCWxXMjn3qGACvTewP6
Lw1br25T33WVqe3gLqfGyOLSjQrWSAU3wEKukaJVecQdvquY13rThVBWtBUOm1l3
T2n+sy5zyciUWwVE/pQKGwu7ntmd0b1iGVVHcbHfkPMiCpPxjtjhTEIUk+Vi+Phy
10piSeoxMmlCcQmnDWGJmb2ZPQ0n/w1iknOhyYCv6NcAIIx1QJEb6m6Qe6txUAW4
IEguf93EnuE28XO1OK0X0P9XsIJ8dwIOxFV4GkfpaCHX8G/UVuJUMBcYZ66Va7wD
/apmLJm0DVA33kdUGbie1rBEDaNgmq7tSpt0NIMCSpr6E6XGxeCxzfz0NL9fZEaz
a/1+X0h92SDPcXfrpyICZ2dIzjim0WZUZyQA9ZP2ctOOHazenzYLHWTMKpbgplya
8Py1eVkwzGr3py+FEUlXvxn++HFT7IqXLrumhHrxNWja0iOiR0d/9gclKOo5gF7C
GfV5+b4sS/88G1B3U6X3cR4f6UlmbecM1L/yJMH3+u5bD5oeZE36rtHV0SugHKmj
D0J4vQ47Mg940JXyMDovN16S1M4Baw4eNlAvvfHldd1iDCUgXqUiIcKq+zCBeA/L
rQq3v62eMdhicIT+UJdwxAYqCAjAsKueh8EUbno/yAa7LxypKG6A/5RPZURb0mh6
tDlkabFtRS8=
=nF/R
-----END PGP SIGNATURE-----