-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2143
       CTPView: Multiple Security vulnerabilities resolved by third
                          party software updates
                             13 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Juniper CTPView
Publisher:         Juniper Networks
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3062 CVE-2014-1568 CVE-2013-1775
                   CVE-2013-1643 CVE-2013-1635 CVE-2013-1620
                   CVE-2013-0791 CVE-2012-3510 CVE-2012-3158
                   CVE-2012-2337 CVE-2012-2329 CVE-2012-2311
                   CVE-2012-1172 CVE-2012-0882 CVE-2012-0831
                   CVE-2012-0789 CVE-2012-0788 CVE-2012-0781
                   CVE-2012-0057 CVE-2011-4885 CVE-2011-4609
                   CVE-2011-4566 CVE-2011-4317 CVE-2011-3919
                   CVE-2011-3905 CVE-2011-3368 CVE-2011-2834
                   CVE-2011-1944 CVE-2011-1398 CVE-2011-1153
                   CVE-2011-1089 CVE-2011-0708 CVE-2011-0421
                   CVE-2011-0216 CVE-2011-0010 CVE-2010-4707
                   CVE-2010-4008 CVE-2010-3853 CVE-2010-3435
                   CVE-2010-3316 CVE-2010-3081 CVE-2010-2956
                   CVE-2010-1646 CVE-2010-1163 CVE-2010-0830
                   CVE-2010-0427 CVE-2010-0426 CVE-2009-5029
                   CVE-2009-2416 CVE-2009-2414 CVE-2009-1265

Reference:         ASB-2014.0108
                   ASB-2014.0077
                   ESB-2014.2142
                   ESB-2014.1760
                   ESB-2014.1385
                   ASB-2013.0048
                   ESB-2013.1086
                   ESB-2013.0355
                   ESB-2013.0255
                   ESB-2013.0136
                   ASB-2012.0143
                   ASB-2012.0103
                   ASB-2012.0070
                   ASB-2012.0004
                   ASB-2011.0118
                   ASB-2011.0079
                   ASB-2011.0005
                   ASB-2010.0030
                   ASB-2012.0074.2
                   ASB-2011.0114.2
                   ASB-2010.0237.3
                   ESB-2013.0996.3
                   ESB-2013.0761.2

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10658

- --------------------------BEGIN INCLUDED TEXT--------------------

2014-11 Security Bulletin: CTPView: Multiple Security vulnerabilities resolved
by third party software updates

Categories: CTP Series, CTPView, SIRT Advisory

Security Advisories ID: JSA10658

Last Updated: 11 Nov 2014

Version: 3.0

PRODUCT AFFECTED:

CTPView releases 4.2, 4.3, 4.4, 4.5, 4.6.

PROBLEM:

CTPView release 7.0R1 addresses multiple vulnerabilities in prior releases 
with updated third party software components.

Following is a list of software upgraded and vulnerabilities resolved:

Linux Kernel was upgraded to version 2.6.18-371.1.2.el5 which resolved:

CVE 				CVSS v2 base score 				Summary

CVE-2010-3081 			7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 		Local privilege escalation vulnerability in Linux.

CVE-2012-3510 			5.6 (AV:L/AC:L/Au:N/C:P/I:N/A:C) 		Local users can obtain potentially sensitive 
										information from kernel memory or cause a denial of 
										service (system crash).

CVE-2009-1265 			5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 			Integer overflow in the Linux kernel that can leak sensitive 
										information.

Oracle MySQL package was upgraded to 5.1.66 which resolved:

CVE 				CVSS v2 base score 				Summary

CVE-2012-0882 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Buffer overflow in yaSSL that can allow remote attackers 
										to execute arbitrary code.

CVE-2012-3158 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Remote code execution vulnerability in MySQL.

Vulnerabilities addressed in Apache Reverse Proxy:

CVE 				CVSS v2 base score 				Summary

CVE-2011-3368 			5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 		Information disclosure vulnerability in mod_proxy module 
										in the Apache HTTP Server.

CVE-2011-4317 			4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 		Information disclosure vulnerability in mod_proxy module 
										in the Apache HTTP Server.

Sudo package was upgraded to 1.7.10p7 which resolved:

CVE 				CVSS v2 base score 				Summary

CVE-2012-2337 			7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to bypass restrictions.

CVE-2010-0426 			6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to gain privileges.

CVE-2010-1163 			6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to execute arbitrary 
										commands.

CVE-2013-1775 			6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to bypass intended time 
										restrictions.

CVE-2010-1646 			6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to gain privileges.

CVE-2010-2956 			6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) 		Sudo vulnerability allows local users to gain privileges.

CVE-2010-0427 			4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 		Sudo vulnerability allows local users to gain privileges 
										via a sudo command.

CVE-2011-0010 			4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 		Sudo vulnerability allows local users to bypass intended 
										authentication requirements.

PHP package was upgraded to 5.2.17-2 which resolved:

CVE 				CVSS v2 base score 				Summary

CVE-2011-1153 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Multiple format string vulnerabilities in PHP phar extension.

CVE-2012-2311 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Remote code execution vulnerability.

CVE-2013-1635 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Vulnerability which allows remote attackers to bypass intended 
										access restrictions.

CVE-2012-0831 			6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 		PHP vulnerability which makes it easier for remote attackers 
										to conduct SQL injection attacks.

CVE-2011-4566 			6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 		Integer overflow in the exif extension in PHP.

CVE-2012-0057 			6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 		PHP before 5.3.9 has improper libxslt security settings, 
										which allows remote attackers to create arbitrary files.

CVE-2012-1172 			5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 		Denial of service or directory traversal vulnerability.

CVE-2011-4885 			5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 		PHP denial of service due to predictable hash collisions.

CVE-2012-0781 			5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 			Denial of service (NULL pointer dereference and application crash) 
										via crafted input.

CVE-2012-0788 			5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 			Denial of service in PHP PDO driver.

CVE-2012-0789 			5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 			Memory leak in the timezone functionality in PHP.

CVE-2012-2329 			5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 		Buffer overflow in PHP allows remote attackers to cause a denial 
										of service.

CVE-2013-1643 			5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 		Vulnerability in SOAP parser in PHP which allows remote attackers 
										to read arbitrary files.

CVE-2011-0421 			4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 		Denial of service vulnerability in the PHP Zip extension.

CVE-2011-0708 			4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 		Denial of service vulnerability in the Exif extension.

CVE-2011-1398 			4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 		Vulnerability that allows remote attackers to bypass an HTTP 
										response-splitting protection mechanism.

Libxml2 library was upgraded to resolve:

CVE 				CVSS v2 base score 				Summary

CVE-2011-0216 			9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 		Denial of service vulnerability.

CVE-2011-1944 			9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 		Vulnerability that can cause a denial of service (crash) and 
										possibly execute arbitrary code via a crafted XML file.

CVE-2011-3919 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 		Heap-based buffer overflow in libxml2 that can cause a denial of 
										service.

CVE-2011-2834 			6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 		Double free vulnerability in libxml2 that can cause a denial of 
										service.

CVE-2011-3905 			5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 			Denial of service (out-of-bounds read) vulnerability.

CVE-2009-2414 			4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 		Stack consumption vulnerability in libxml2.

CVE-2009-2416 			4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 		Multiple use-after-free vulnerabilities in libxml2.

CVE-2010-4008 			4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 		Denial of service (application crash) via a crafted XML document.

Mozilla NSS and NSPR packages were upgraded to resolve:

CVE 				CVSS v2 base score 				Summary

CVE-2014-1568 			7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)		NSS does not properly parse ASN.1 values in X.509 certificates, 
										which makes it easier for remote attackers to spoof RSA signatures 
										via a crafted certificate, aka a "signature malleability" issue.

CVE-2013-0791 			5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 		NSS allows remote attackers to cause a denial of service (out-of-bounds 
										read and memory corruption) via a crafted certificate.

CVE-2013-1620 			4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 		The TLS implementation in NSS allows remote attackers to conduct 
										distinguishing attacks and plaintext-recovery attacks via statistical 
										analysis of timing data for crafted packets.

Vulnerabilities addressed in GNU C Library (glibc or libc6):

CVE 				CVSS v2 base score 				Summary

CVE-2009-5029 			6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 		Integer overflow in glibc.

CVE-2010-0830 			5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 		Integer signedness error in glibc.

CVE-2011-4609 			5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 			Denial of service (CPU consumption) via a large number of RPC 
										connections.

CVE-2011-1089 			3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N) 		Local users can corrupt /etc/mtab file.

Vulnerabilities addressed in Linux PAM:

CVE 				CVSS v2 base score 				Summary

CVE-2010-3853 			6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 		Vulnerability that may allow local users to gain privileges.

CVE-2010-4707 			4.9 (AV:L/AC:L/Au:N/C:C/I:N/A:N) 		Vulnerability that may allow local users to cause a denial of service 
										(resource consumption) via a special file.

CVE-2010-3435 			4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N) 		Vulnerability that may allow local users to obtain sensitive information.

CVE-2010-3316 			3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N) 		Vulnerability that allows local users to read arbitrary files.

In addition to the above, third party software upgrades in CTPView contain 
fixes to a number of other CVEs which are not exploitable on CTPView, are not 
applicable in the context of CTPView, or whose impact on CTPView has not been 
evaluated. Hence those are not listed here.

Bash package was upgraded to version 3.2.33 to resolve "ShellShock" 
vulnerabilities (CVE-2014-6271 CVE-2014-7169). However, CTPView was evaluated
to be not vulnerable to any remote exploitation risks due to these issues.

SOLUTION:

These vulnerabilities are fixed in CTPView 7.0R1 and later releases.

WORKAROUND:

There are no known workarounds that can be used to mitigate all the above 
vulnerabilities. Limiting access to CTPView from only trusted hosts would help
mitigate Apache, MySQL, sudo and PHP vulnerabilities.

IMPLEMENTATION:

CTPView release 7.0R1 is available for download from 
http://www.juniper.net/support/downloads/?p=ctpview#sw.

MODIFICATION HISTORY:

2014-11-12: Initial publication.

RELATED LINKS:

KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin 
Publication Process

KB16765: In which releases are vulnerabilities fixed?

KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security 
Advisories

Report a Security Vulnerability - How to Contact the Juniper Networks Security
Incident Response Team

CVSS SCORE:

9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

RISK LEVEL:

Critical

RISK ASSESSMENT:

Vulnerability CVE-2014-3062 has the highest CVSS v2 base score of 9.3 in this
advisory.

ACKNOWLEDGEMENTS:

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----