Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2016.0087 LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities 8 September 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable Log Correlation Engine Operating System: Red Hat CentOS Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Unauthorised Access -- Remote/Unauthenticated Reduced Security -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-5421 CVE-2016-5419 CVE-2016-4483 CVE-2016-4449 CVE-2016-4448 CVE-2016-4447 CVE-2016-3705 CVE-2016-3627 CVE-2016-3191 CVE-2016-2109 CVE-2016-2108 CVE-2016-2107 CVE-2016-2106 CVE-2016-2105 CVE-2016-1839 CVE-2016-1838 CVE-2016-1837 CVE-2016-1836 CVE-2016-1835 CVE-2016-1834 CVE-2016-1833 CVE-2016-1695 CVE-2016-1283 Member content until: Saturday, October 8 2016 Reference: ASB-2016.0080 ASB-2016.0074 ASB-2016.0057 ESB-2016.1398 ESB-2016.1076 OVERVIEW Multiple vulnerabilities have been identified in Tenable Log Correlation Engine prior to version 4.8.1. [1] IMPACT The vendor has provided the following information: "The following vulnerabilities have been resolved with the updated libraries. Note that several of these issues do not have a CVE assigned. OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 Strings Handling Out-of-bounds Read Memory Disclosure OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory Corruption OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information Disclosure OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer Overflow Weakness OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap Buffer Overflow Weakness OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling Memory Exhaustion Remote DoS Perl-Compatible Regular Expressions (PCRE) pcre_compile.c (*ACCEPT) Verb Handling Buffer Overflow Perl-Compatible Regular Expressions (PCRE) pcretest.c pchars() Function Out-of-bounds Read Weakness Perl-Compatible Regular Expressions (PCRE) pcre_compile.c compile_branch() Function Invalid Pattern Fragment Handling Stack Corruption Perl-Compatible Regular Expressions (PCRE) pcretest.c Out-of-bounds Read Weakness Perl-Compatible Regular Expressions (PCRE) pcre_compile.c pcre_compile2() Function Duplicate Named Group Nested Back Reference Handling Heap Buffer Overflow Libxml2 parser.c xmlParseElementDecl() / xmlParseConditionalSections() Functions Out-of-bounds Read Issue Libxml2 Multiple Functionality Format Strings Libxml2 HTMLparser.c htmlParseNameComplex() Function HTML File Encoding Detection Failure Libxml2 parser.c xmlStringLenDecodeEntities() Function Unspecified XML External Entity (XXE) Injection Issue Libxml2 xmlregexp.c xmlFAParseCharRange() Function Heap Buffer Overflow Libxml2 parser.c xmlParseStartTag2() Function Heap Use-after-free Libxml2 parser.c xmlParseNCNameComplex() Function Heap Use-after-free Libxml2 xmlstring.c xmlStrncatNew() Function Heap Buffer Overflow Libxml2 HTMLparser.c htmlParseSystemLiteral() / htmlParsePubidLiteral() Functions Heap Buffer Overflow Libxml2 xmlsave.c xmlBufAttrSerializeTxtContent() Function Recover Mode XML Content Handling Out-of-bounds Read Issue Libxml2 parser.c Multiple Function Recursive xmlStringDecodeEntities() Call Handling Stack Overflow DoS Libxml2 uri.c xmlParse3986Port() Function Port Argument Handling Integer Overflow Unspecified Issue Libxml2 HTMLparser.c htmlParseName() / htmlParseNameComplex() Functions Out-of-bounds Read Issue Libxml2 parser.c xmlParserEntityCheck() Function Recovery Mode XML Content Parsing Recursion DoS Libxml2 parser.c xmlParseEndTag2() Function Out-of-bounds Read Issue Libxml2 parserInternals.c xmlNextChar() Function Out-of-bounds Read Issue cURL / libcurl lib/multi.c close_all_connections() Function Easy Handle Handling Use-after-free Issue cURL / libcurl lib/vtls/vtls.c TLS Session Resumption Client Certificate Validation Bypass jQuery Core ajax/script.js Third-party Text Handling XSS" [1] MITIGATION The vendor recommends updating to the latest version. [1] REFERENCES [1] [R1] LCE 4.8.1 Fixes Multiple Third-party Library Vulnerabilities http://www.tenable.com/security/tns-2016-14 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV9C0Y4x+lLeg9Ub1AQin0Q/+Pg376eG43Ux7liCWxXMjn3qGACvTewP6 Lw1br25T33WVqe3gLqfGyOLSjQrWSAU3wEKukaJVecQdvquY13rThVBWtBUOm1l3 T2n+sy5zyciUWwVE/pQKGwu7ntmd0b1iGVVHcbHfkPMiCpPxjtjhTEIUk+Vi+Phy 10piSeoxMmlCcQmnDWGJmb2ZPQ0n/w1iknOhyYCv6NcAIIx1QJEb6m6Qe6txUAW4 IEguf93EnuE28XO1OK0X0P9XsIJ8dwIOxFV4GkfpaCHX8G/UVuJUMBcYZ66Va7wD /apmLJm0DVA33kdUGbie1rBEDaNgmq7tSpt0NIMCSpr6E6XGxeCxzfz0NL9fZEaz a/1+X0h92SDPcXfrpyICZ2dIzjim0WZUZyQA9ZP2ctOOHazenzYLHWTMKpbgplya 8Py1eVkwzGr3py+FEUlXvxn++HFT7IqXLrumhHrxNWja0iOiR0d/9gclKOo5gF7C GfV5+b4sS/88G1B3U6X3cR4f6UlmbecM1L/yJMH3+u5bD5oeZE36rtHV0SugHKmj D0J4vQ47Mg940JXyMDovN16S1M4Baw4eNlAvvfHldd1iDCUgXqUiIcKq+zCBeA/L rQq3v62eMdhicIT+UJdwxAYqCAjAsKueh8EUbno/yAa7LxypKG6A/5RPZURb0mh6 tDlkabFtRS8= =nF/R -----END PGP SIGNATURE-----