Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2016.0104
Multiple vulnerabilities have been identified in Tenable Log
Correlation Engine (LCE) prior to version 4.8.1.
11 November 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Tenable Log Correlation Engine (LCE)
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2016-9261 CVE-2016-4483 CVE-2016-4449
CVE-2016-4448 CVE-2016-4447 CVE-2016-3705
CVE-2016-3627 CVE-2016-3191 CVE-2016-2176
CVE-2016-2109 CVE-2016-2108 CVE-2016-2107
CVE-2016-2106 CVE-2016-2105 CVE-2016-1840
CVE-2016-1839 CVE-2016-1838 CVE-2016-1837
CVE-2016-1836 CVE-2016-1835 CVE-2016-1834
CVE-2016-1833 CVE-2016-1283
Member content until: Sunday, December 11 2016
Reference: ASB-2016.0095
ASB-2016.0087
ESB-2016.1076
ESB-2016.0255
OVERVIEW
Multiple vulnerabilities have been identified in Tenable
Log Correlation Engine (LCE) prior to version 4.8.1. [1]
IMPACT
The vendor has provided the following details regarding the
vulnerabilities:
"OpenSSL ASN.1 Encoder Negative Zero Value Handling Remote Memory
Corruption
OpenSSL crypto/evp/encode.c EVP_EncodeUpdate() Function Heap Buffer
Overflow Weakness
OpenSSL AES-NI CBC MAC Check Padding Oracle MitM Information
Disclosure
OpenSSL crypto/evp/evp_enc.c EVP_EncryptUpdate() Function Heap
Buffer Overflow Weakness
OpenSSL crypto/x509/x509_obj.c X509_NAME_oneline() Function ASN1
Strings Handling Out-of-bounds Read Memory Disclosure
OpenSSL crypto/asn1/a_d2i_fp.c ASN.1 BIO Length Field Handling
Memory Exhaustion Remote DoS
Perl-Compatible Regular Expressions (PCRE) pcre_compile.c (*ACCEPT)
Verb Handling Buffer Overflow
Perl-Compatible Regular Expressions (PCRE) pcre_compile.c
pcre_compile2() Function Duplicate Named Group Nested Back Reference
Handling Heap Buffer Overflow
Libxml2 parser.c xmlStringLenDecodeEntities() Function Unspecified
XML External Entity (XXE) Injection Issue
Libxml2 Multiple Functionality Format Strings
Libxml2 parser.c xmlParseElementDecl() /
xmlParseConditionalSections() Functions Out-of-bounds Read Issue
Libxml2 parser.c xmlParseNCNameComplex() Function Heap
Use-after-free
Libxml2 xmlstring.c xmlStrncatNew() Function Heap Buffer Overflow
Libxml2 parser.c xmlParseStartTag2() Function Heap Use-after-free
Libxml2 HTMLparser.c htmlParseSystemLiteral() /
htmlParsePubidLiteral() Functions Heap Buffer Overflow
Libxml2 xmlregexp.c xmlFAParseCharRange() Function Heap Buffer
Overflow
Libxml2 parser.c Multiple Function Recursive
xmlStringDecodeEntities() Call Handling Stack Overflow DoS
Libxml2 xmlsave.c xmlBufAttrSerializeTxtContent() Function Recover
Mode XML Content Handling Out-of-bounds Read Issue
Libxml2 HTMLparser.c htmlParseName() / htmlParseNameComplex()
Functions Out-of-bounds Read Issue
Libxml2 parser.c xmlParserEntityCheck() Function Recovery Mode XML
Content Parsing Recursion DoS
Libxml2 parser.c xmlParseEndTag2() Function Out-of-bounds Read Issue
Libxml2 parserInternals.c xmlNextChar() Function Out-of-bounds Read
Issue
Additionally, Tenable's Log Correlation Engine (LCE) was found to be
impacted by an authenticated stored cross-site scripting (XSS) issue
reported to us by Kaustubh Padwad and discovered internally. Tenable
thanks him for privately reporting the issue to us." [1]
MITIGATION
Tenable advises users should upgrade to the latest version of
Tenable Log Correlation Engine (LCE) to address these issues. [1]
REFERENCES
[1] [R2] Log Correlation Engine (LCE) 4.8.1 Fixes Multiple
Vulnerabilities
http://www.tenable.com/security/tns-2016-18
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWCVIrIx+lLeg9Ub1AQgM2hAAmSgGudo9HEu9xQT8irXS/+2eTSP7RhgO
kK4D8hnenjalFse404X9uCIz8p7aXA5Zqk5vP+dmYLWbrzQYM0qP9nrZCTSvptDh
pev7Org/AeonP0ouvIEDzaBOUwtu5I4dn4uKN3H3sIo3jblvLFR/4M8MYL3DQqCC
+mAr9X2CyUQTvUjBMSLDEv2uDLN8VOVHVfK2mOt3cqdtREdTqYpAv2iJ0IPRC09v
gAzsBunnbnnfXDHglxvtuCAg2YTg/gEHWavF19CLCfwpHJUlNA+VaK2DImkn5/fG
t22Zsp+u9XAxtiVAM+h2ZSfkNW3sO8LIQqJpsiOTessnk7LiljQ2NGOIwVH4vtmJ
SKMppbqyBYCz0kGiuULLoOfaMwhQwJhyGlLieuvfX1pxI1QE2izgLSZxH2ipBqBJ
YRbRmFLvKkdaEvK2+8xCc3vjsMYb7f4jzDu5tYjNrRS7Z/KEw9hWyGhk5WBra7vT
Ycw30jNNpCgm204UdRI3jzXh2i5O5NTjXjmhpbF/Bqt1K8mylHd6ABV470Ka9l6i
I9765Be9bRuPOCZ06FfqtObVu6Ei985Cu6stvvlvf+JvE98f0Gr6uu8gK2oeiz13
1QMDcMBtCqMtFR+QB7Qkv8TCpO+2t6GhP3SOC6tYQKwI+hX8eDNbe8zCL8Vej925
LstK1G1+WuY=
=EHeN
-----END PGP SIGNATURE-----