-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT Security Bulletin ASB-2017.0001
   [R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities
                             3 January 2017
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Tenable Log Correlation Engine (LCE)
Operating System:  Red Hat
                   CentOS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-8625 CVE-2016-8624 CVE-2016-8623 CVE-2016-8622
                   CVE-2016-8621 CVE-2016-8620 CVE-2016-8619 CVE-2016-8618
                   CVE-2016-8617 CVE-2016-8616 CVE-2016-8615 CVE-2016-6308
                   CVE-2016-6307 CVE-2016-6306 CVE-2016-6305 CVE-2016-6304
                   CVE-2016-6303 CVE-2016-6302 CVE-2016-2183 CVE-2016-2182
                   CVE-2016-2181 CVE-2016-2180 CVE-2016-2179 CVE-2016-2178
                   CVE-2016-2177
Member content until: Thursday, February 2 2017
Reference:         ASB-2016.0120
                   ASB-2016.0101
                   ESB-2016.2268

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable Log
        Correlation Engine (LCE) prior to version 4.8.2. [1]

IMPACT

        The vendor has provided the following details regarding the
        vulnerabilities:

        "SQLite ATTACH / DETACH Statement Handling NULL Pointer Dereference DoS
        curl IDNA Puny Code Translation Incorrect Host Resolution Weakness
        curl tool_urlglob.c Globbing Feature Out-of-bounds Access Issues
        curl lib/escape.c curl_easy_unescape() Function URL Unescape Integer
          Truncation Heap Buffer Overflow
        curl lib/url.c ConnectionExists() Function Connection Reuse
          Case-insensitive Password Comparison Remote Weakness
        curl lib/parsedate.c parsedate() Function Out-of-bounds Read Issue
        curl lib/cookie.c Shared Cookies Handling Use-after-free Information
          Disclosure
        curl lib/mprintf.c alloc_addbyter() Function Double-free DoS
        curl lib/url.c parseurlandfillconn() Function Authority Component
          Invalid URL Parsing Host Connection Issue
        curl lib/cookie.c Curl_cookie_init() Function Arbitrary Cookie
          Injection
        curl lib/security.c read_data() Function Kerberos Authentication
          Handling Double-free Unspecified Issue
        curl lib/base64.c base64_encode() Function Integer Overflow Heap
          Buffer Overflow
        curl lib/escape.c Multiple Functions String Length Handling Integer
          Overflow Heap Buffer Overflow
        OpenSSL ssl/t1_lib.c ssl_parse_clienthello_tlsext() Function OCSP
          Status Request Extension Handling Memory Exhaustion Remote DoS
        OpenSSL Certificate Message Handling Limited Out-of-bounds Read DoS
          Weakness
        OpenSSL ssl/statem/statem_dtls.c dtls1_preprocess_fragment() Function
          DTLS Message Handling Memory Exhaustion Remote DoS
        OpenSSL ssl/record/rec_layer_s3.c SSL_peek() Function Empty Record
          Handling Remote DoS
        OpenSSL ssl/statem/statem_lib.c tls_get_message_header() Function
          Memory Exhaustion Remote DoS
        OpenSSL crypto/mdc2/mdc2dgst.c MDC2_Update() Function Buffer Overflow
          Weakness
        OpenSSL ssl/t1_lib.c tls_decrypt_ticket() Function Ticket HMAC Digest
          Handling Remote DoS
        OpenSSL DTLS Buffered Message Saturation Queue Exhaustion Remote DoS
        OpenSSL DTLS Implementation Record Epoch Sequence Number Handling
          Remote DoS
        OpenSSL crypto/bn/bn_print.c BN_bn2dec() Function BIGNUM Handling
          Buffer Overflow DoS
        OpenSSL crypto/ts/ts_lib.c TS_OBJ_print_bio() Function Out-of-bounds
          Read Issue
        OpenSSL crypto/dsa/dsa_ossl.c DSA Signing Algorithm Constant Time
          Failure Side-channel Attack Information Disclosure
        OpenSSL Integer Overflow Unspecified Weakness
        Triple Data Encryption Algorithm (3DES) 64-bit Block Size Birthday
          Attack HTTPS Cookie MitM Disclosure (SWEET32)" [1]

MITIGATION

        Tenable advises users to upgrade to the latest version of Tenable
        Log Correlation Engine (LCE) to address these issues. [1]

REFERENCES

        [1] [R1] LCE 4.8.2 Fixes Multiple Third-party Library Vulnerabilities
            http://www.tenable.com/security/tns-2016-21

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWGsmS4x+lLeg9Ub1AQhClg//UFVaFViBv3DoNEctisCXsxAeKv1KbjWG
k4E4kUICpQ7QOpedw0GQrKn/tt2kzqOki2tw5Q+dTX/CNOut29Km6BCxV8okokWj
2XISsbhyCohqGUsDPGNuAiusCE7TivBBrykPTNgH638mg4S+KcqOKFooowB/XSx2
vV6X3jt4ym9vEcnpuOq4Zu8QHPHPVf53+LUix391JN4AhZWMZEIx/s9D+fzmXVoh
ZYG/A8JJoPMiXsigpfuPHszmQlLm+cHwHkpBsQm8rvlOXMuhE81HwncLl8J/azQ/
EWnSuel3o0kGnGZST6bSByv8m6EepwN7VuLMVfjw9ogdsDzO8itC4W1Gs9pSSOGM
aVrxJKShboN0rFUNIda9Phs8MEL4jubdZJblFhKPTnawgyvzzCtFYDtyjIgrAl3m
Sk8qvqKEQLdSrdeF1187rNk9fAY6VFdr3SPO0YJ/9YVl/TnFiqrmOCZH6YqHJBIs
ZU+c/l0U8PDuCvtNqwDoW1N2mpVW+LXZfFr48XiE/LXofVgqlm46vC068ADqGOKD
ZCV4R2gIhe1PBBcgiS+t6QDx37V4n09WoMKWXd0g3X4y/vWbhlmKz+HM8evYNVR1
X/IB2K3ppL8URvgJl0J7IC6sd05GvNdjKlNfbHELEpVSti6MvBGfhYaSqq3bnalp
Sj2b1vDVTig=
=hurQ
-----END PGP SIGNATURE-----
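The bulletin's MITIGATION section reduces to a single gate: is the installed LCE older than 4.8.2? Because the fixes ship inside LCE itself (the title says LCE 4.8.2 fixes the bundled curl, OpenSSL and SQLite copies), an up-to-date system openssl or curl RPM says nothing about exposure; the LCE version does. The triage helper below is an added example, not part of the AusCERT bulletin nor code from Tenable. It extracts the CVE list as printed above, attributes each identifier to its library using the published ranges (CVE-2016-8615 to 8625 are the eleven curl issues fixed in curl 7.51.0; CVE-2016-2177 to 2183 and CVE-2016-6302 to 6308 are the fourteen OpenSSL issues from the 22 September 2016 OpenSSL advisory), and compares an installed version string against the fixed release. The RPM package name `lce` used by `installed_lce_version()` is an assumption about Tenable's packaging; everything else is offline and self-contained. The SQLite ATTACH/DETACH item in the bulletin carries no CVE, so it is not classified.

```python
"""Triage helper for ASB-2017.0001 (added example; not AusCERT's or Tenable's
code).  Answers two first-responder questions: does the installed LCE predate
the fixed release, and which bundled library does each listed CVE concern?"""
import re
import subprocess

# CVE identifiers and fixed version exactly as published in the bulletin.
BULLETIN_CVES = """
CVE-2016-8625 CVE-2016-8624 CVE-2016-8623 CVE-2016-8622 CVE-2016-8621
CVE-2016-8620 CVE-2016-8619 CVE-2016-8618 CVE-2016-8617 CVE-2016-8616
CVE-2016-8615 CVE-2016-6308 CVE-2016-6307 CVE-2016-6306 CVE-2016-6305
CVE-2016-6304 CVE-2016-6303 CVE-2016-6302 CVE-2016-2183 CVE-2016-2182
CVE-2016-2181 CVE-2016-2180 CVE-2016-2179 CVE-2016-2178 CVE-2016-2177
"""
FIXED_LCE_VERSION = "4.8.2"

CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b")


def extract_cves(text):
    """Unique CVE identifiers found in text, in order of first appearance."""
    seen = []
    for m in CVE_RE.finditer(text):
        if m.group(0) not in seen:
            seen.append(m.group(0))
    return seen


def classify(cve):
    """Map a CVE from this bulletin to the bundled library it concerns.

    CVE-2016-8615..8625: curl (fixed upstream in curl 7.51.0).
    CVE-2016-2177..2183 and CVE-2016-6302..6308: OpenSSL (22 Sep 2016 advisory).
    Anything else is reported as 'unknown' rather than guessed.
    """
    m = CVE_RE.fullmatch(cve)
    if m is None:
        raise ValueError(f"not a CVE identifier: {cve!r}")
    year, num = int(m.group(1)), int(m.group(2))
    if year == 2016 and 8615 <= num <= 8625:
        return "curl"
    if year == 2016 and (2177 <= num <= 2183 or 6302 <= num <= 6308):
        return "openssl"
    return "unknown"


def summarize(text):
    """Count the CVEs in text per library, e.g. {'curl': 11, 'openssl': 14}."""
    counts = {}
    for cve in extract_cves(text):
        lib = classify(cve)
        counts[lib] = counts.get(lib, 0) + 1
    return counts


def parse_version(version):
    """'4.8.1-el6' -> (4, 8, 1).  Keeps the leading digits of each
    dot-separated component so a release suffix does not break comparison."""
    parts = []
    for component in version.strip().split("."):
        m = re.match(r"\d+", component)
        if m is None:
            break
        parts.append(int(m.group(0)))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def lce_is_affected(installed, fixed=FIXED_LCE_VERSION):
    """True when the installed LCE predates the release carrying the fixes."""
    return parse_version(installed) < parse_version(fixed)


def installed_lce_version(package="lce"):
    """Query rpm for the installed LCE version.  The package name 'lce' is an
    assumption about Tenable's RPM; returns None if rpm or the package is absent."""
    try:
        out = subprocess.run(
            ["rpm", "-q", "--queryformat", "%{VERSION}", package],
            capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    print("CVEs per bundled library:", summarize(BULLETIN_CVES))
    version = installed_lce_version()
    if version is None:
        print("LCE RPM not found on this host (or rpm unavailable)")
    elif lce_is_affected(version):
        print(f"LCE {version} is affected: upgrade to {FIXED_LCE_VERSION} or later")
    else:
        print(f"LCE {version} is at or past the fixed release")
```

The version comparison is tuple-based on purpose: a naive string compare would rank "4.10.0" below "4.8.2". If the host is not RPM-managed, feed `lce_is_affected()` the version reported by the LCE web interface instead.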