Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2016.0104 Multiple vulnerabilities have been identified in Tenable Log Correlation Engine (LCE) prior to version 4.8.1. 11 November 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable Log Correlation Engine (LCE) Operating System: Red Hat Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Privileged Data -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-9261 CVE-2016-4483 CVE-2016-4449 CVE-2016-4448 CVE-2016-4447 CVE-2016-3705 CVE-2016-3627 CVE-2016-3191 CVE-2016-2176 CVE-2016-2109 CVE-2016-2108 CVE-2016-2107 CVE-2016-2106 CVE-2016-2105 CVE-2016-1840 CVE-2016-1839 CVE-2016-1838 CVE-2016-1837 CVE-2016-1836 CVE-2016-1835 CVE-2016-1834 CVE-2016-1833 CVE-2016-1283 Member content until: Sunday, December 11 2016 Reference: ASB-2016.0095 ASB-2016.0087 ESB-2016.1076 ESB-2016.0255 OVERVIEW Multiple vulnerabilities have been identified in Tenable Log Correlation Engine (LCE) prior to version 4.8.1. [1] IMPACT The vendor has provided the following details regarding the vulnerabilities: "OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory Corruption OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer Overflow Weakness OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information Disclosure OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap Buffer Overflow Weakness OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1 Strings Handling Out-of-bounds Read Memory Disclosure OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling Memory Exhaustion Remote DoS Perl-Compatible Regular Expressions (PCRE) pcre_compile.c (*ACCEPT) Verb Handling Buffer Overflow Perl-Compatible Regular Expressions (PCRE) pcre_compile.c pcre_compile2() Function Duplicate Named Group Nested Back Reference Handling Heap Buffer Overflow Libxml2 parser.c xmlStringLenDecodeEntities() Function Unspecified XML External Entity (XXE) Injection Issue Libxml2 Multiple Functionality Format Strings Libxml2 parser.c xmlParseElementDecl() / xmlParseConditionalSections() Functions Out-of-bounds Read Issue Libxml2 parser.c xmlParseNCNameComplex() Function Heap Use-after-free Libxml2 xmlstring.c xmlStrncatNew() Function Heap Buffer Overflow Libxml2 parser.c xmlParseStartTag2() Function Heap Use-after-free Libxml2 HTMLparser.c htmlParseSystemLiteral() / htmlParsePubidLiteral() Functions Heap Buffer Overflow Libxml2 xmlregexp.c xmlFAParseCharRange() Function Heap Buffer Overflow Libxml2 parser.c Multiple Function Recursive xmlStringDecodeEntities() Call Handling Stack Overflow DoS Libxml2 xmlsave.c xmlBufAttrSerializeTxtContent() Function Recover Mode XML Content Handling Out-of-bounds Read Issue Libxml2 HTMLparser.c htmlParseName() / htmlParseNameComplex() Functions Out-of-bounds Read Issue Libxml2 parser.c xmlParserEntityCheck() Function Recovery Mode XML Content Parsing Recursion DoS Libxml2 parser.c xmlParseEndTag2() Function Out-of-bounds Read Issue Libxml2 parserInternals.c xmlNextChar() Function Out-of-bounds Read Issue Additionally, Tenable's Log Correlation Engine (LCE) was found to be impacted by an authenticated stored cross-site scripting (XSS) issue reported to us by Kaustubh Padwad and discovered internally. Tenable thanks him for privately reporting the issue to us." [1] MITIGATION Tenable advises users should upgrade to the latest version of Tenable Log Correlation Engine (LCE) to address these issues. [1] REFERENCES [1] [R2] Log Correlation Engine (LCE) 4.8.1 Fixes Multiple Vulnerabilities http://www.tenable.com/security/tns-2016-18 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWCVIrIx+lLeg9Ub1AQgM2hAAmSgGudo9HEu9xQT8irXS/+2eTSP7RhgO kK4D8hnenjalFse404X9uCIz8p7aXA5Zqk5vP+dmYLWbrzQYM0qP9nrZCTSvptDh pev7Org/AeonP0ouvIEDzaBOUwtu5I4dn4uKN3H3sIo3jblvLFR/4M8MYL3DQqCC +mAr9X2CyUQTvUjBMSLDEv2uDLN8VOVHVfK2mOt3cqdtREdTqYpAv2iJ0IPRC09v gAzsBunnbnnfXDHglxvtuCAg2YTg/gEHWavF19CLCfwpHJUlNA+VaK2DImkn5/fG t22Zsp+u9XAxtiVAM+h2ZSfkNW3sO8LIQqJpsiOTessnk7LiljQ2NGOIwVH4vtmJ SKMppbqyBYCz0kGiuULLoOfaMwhQwJhyGlLieuvfX1pxI1QE2izgLSZxH2ipBqBJ YRbRmFLvKkdaEvK2+8xCc3vjsMYb7f4jzDu5tYjNrRS7Z/KEw9hWyGhk5WBra7vT Ycw30jNNpCgm204UdRI3jzXh2i5O5NTjXjmhpbF/Bqt1K8mylHd6ABV470Ka9l6i I9765Be9bRuPOCZ06FfqtObVu6Ei985Cu6stvvlvf+JvE98f0Gr6uu8gK2oeiz13 1QMDcMBtCqMtFR+QB7Qkv8TCpO+2t6GhP3SOC6tYQKwI+hX8eDNbe8zCL8Vej925 LstK1G1+WuY= =EHeN -----END PGP SIGNATURE-----