===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.2143
CTPView: Multiple Security vulnerabilities resolved by third party software updates
13 November 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Juniper CTPView
Publisher:         Juniper Networks
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3062 CVE-2014-1568 CVE-2013-1775
                   CVE-2013-1643 CVE-2013-1635 CVE-2013-1620
                   CVE-2013-0791 CVE-2012-3510 CVE-2012-3158
                   CVE-2012-2337 CVE-2012-2329 CVE-2012-2311
                   CVE-2012-1172 CVE-2012-0882 CVE-2012-0831
                   CVE-2012-0789 CVE-2012-0788 CVE-2012-0781
                   CVE-2012-0057 CVE-2011-4885 CVE-2011-4609
                   CVE-2011-4566 CVE-2011-4317 CVE-2011-3919
                   CVE-2011-3905 CVE-2011-3368 CVE-2011-2834
                   CVE-2011-1944 CVE-2011-1398 CVE-2011-1153
                   CVE-2011-1089 CVE-2011-0708 CVE-2011-0421
                   CVE-2011-0216 CVE-2011-0010 CVE-2010-4707
                   CVE-2010-4008 CVE-2010-3853 CVE-2010-3435
                   CVE-2010-3316 CVE-2010-3081 CVE-2010-2956
                   CVE-2010-1646 CVE-2010-1163 CVE-2010-0830
                   CVE-2010-0427 CVE-2010-0426 CVE-2009-5029
                   CVE-2009-2416 CVE-2009-2414 CVE-2009-1265
Reference:         ASB-2014.0108 ASB-2014.0077 ESB-2014.2142
                   ESB-2014.1760 ESB-2014.1385 ASB-2013.0048
                   ESB-2013.1086 ESB-2013.0355 ESB-2013.0255
                   ESB-2013.0136 ASB-2012.0143 ASB-2012.0103
                   ASB-2012.0070 ASB-2012.0004 ASB-2011.0118
                   ASB-2011.0079 ASB-2011.0005 ASB-2010.0030
                   ASB-2012.0074.2 ASB-2011.0114.2 ASB-2010.0237.3
                   ESB-2013.0996.3 ESB-2013.0761.2

Original Bulletin:
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10658

--------------------------BEGIN INCLUDED TEXT--------------------

2014-11 Security Bulletin: CTPView: Multiple Security vulnerabilities resolved by third party software updates

Categories:
  * CTP Series
  * CTPView
  * SIRT Advisory

Security Advisories ID: JSA10658
Last Updated: 11 Nov 2014
Version: 3.0

PRODUCT AFFECTED:

CTPView releases 4.2, 4.3, 4.4, 4.5, 4.6.

PROBLEM:

CTPView release 7.0R1 addresses multiple vulnerabilities in prior releases with updated third party software components. Following is a list of software upgraded and vulnerabilities resolved:

Linux Kernel was upgraded to version 2.6.18-371.1.2.el5 which resolved:

CVE            CVSS v2 base score                Summary
CVE-2010-3081  7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)  Local privilege escalation vulnerability in Linux.
CVE-2012-3510  5.6 (AV:L/AC:L/Au:N/C:P/I:N/A:C)  Local users can obtain potentially sensitive information from kernel memory or cause a denial of service (system crash).
CVE-2009-1265  5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)    Integer overflow in the Linux kernel that can leak sensitive information.

Oracle MySQL package was upgraded to 5.1.66 which resolved:

CVE            CVSS v2 base score                Summary
CVE-2012-0882  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Buffer overflow in yaSSL that can allow remote attackers to execute arbitrary code.
CVE-2012-3158  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Remote code execution vulnerability in MySQL.

Vulnerabilities addressed in Apache Reverse Proxy:

CVE            CVSS v2 base score                Summary
CVE-2011-3368  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)  Information disclosure vulnerability in mod_proxy module in the Apache HTTP Server.
CVE-2011-4317  4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)  Information disclosure vulnerability in mod_proxy module in the Apache HTTP Server.

Sudo package was upgraded to 1.7.10p7 which resolved:

CVE            CVSS v2 base score                Summary
CVE-2012-2337  7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to bypass restrictions.
CVE-2010-0426  6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to gain privileges.
CVE-2010-1163  6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to execute arbitrary commands.
CVE-2013-1775  6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to bypass intended time restrictions.
CVE-2010-1646  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to gain privileges.
CVE-2010-2956  6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)  Sudo vulnerability allows local users to gain privileges.
CVE-2010-0427  4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)  Sudo vulnerability allows local users to gain privileges via a sudo command.
CVE-2011-0010  4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)  Sudo vulnerability allows local users to bypass intended authentication requirements.

PHP package was upgraded to 5.2.17-2 which resolved:

CVE            CVSS v2 base score                Summary
CVE-2011-1153  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Multiple format string vulnerabilities in PHP phar extension.
CVE-2012-2311  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Remote code execution vulnerability.
CVE-2013-1635  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Vulnerability which allows remote attackers to bypass intended access restrictions.
CVE-2012-0831  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)  PHP vulnerability which makes it easier for remote attackers to conduct SQL injection attacks.
CVE-2011-4566  6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)  Integer overflow in the exif extension in PHP.
CVE-2012-0057  6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)  PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files.
CVE-2012-1172  5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)  Denial of service or directory traversal vulnerability.
CVE-2011-4885  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)  PHP denial of service due to predictable hash collisions.
CVE-2012-0781  5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service (NULL pointer dereference and application crash) via crafted input.
CVE-2012-0788  5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service in PHP PDO driver.
CVE-2012-0789  5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Memory leak in the timezone functionality in PHP.
CVE-2012-2329  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)  Buffer overflow in PHP allows remote attackers to cause a denial of service.
CVE-2013-1643  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)  Vulnerability in SOAP parser in PHP which allows remote attackers to read arbitrary files.
CVE-2011-0421  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)  Denial of service vulnerability in the PHP Zip extension.
CVE-2011-0708  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)  Denial of service vulnerability in the Exif extension.
CVE-2011-1398  4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)  Vulnerability that allows remote attackers to bypass an HTTP response-splitting protection mechanism.

Libxml2 library was upgraded to resolve:

CVE            CVSS v2 base score                Summary
CVE-2011-0216  9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)  Denial of service vulnerability.
CVE-2011-1944  9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)  Vulnerability that can cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file.
CVE-2011-3919  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  Heap-based buffer overflow in libxml2 that can cause a denial of service.
CVE-2011-2834  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)  Double free vulnerability in libxml2 that can cause a denial of service.
CVE-2011-3905  5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service (out-of-bounds read) vulnerability.
CVE-2009-2414  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)  Stack consumption vulnerability in libxml2.
CVE-2009-2416  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)  Multiple use-after-free vulnerabilities in libxml2.
CVE-2010-4008  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)  Denial of service (application crash) via a crafted XML document.

Mozilla NSS and NSPR packages were upgraded to resolve:

CVE            CVSS v2 base score                Summary
CVE-2014-1568  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)  NSS does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
CVE-2013-0791  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)  NSS allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
CVE-2013-1620  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)  The TLS implementation in NSS allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.

Vulnerabilities addressed in GNU C Library (glibc or libc6):

CVE            CVSS v2 base score                Summary
CVE-2009-5029  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)  Integer overflow in glibc.
CVE-2010-0830  5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)  Integer signedness error in glibc.
CVE-2011-4609  5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service (CPU consumption) via a large number of RPC connections.
CVE-2011-1089  3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N)  Local users can corrupt /etc/mtab file.

Vulnerabilities addressed in Linux PAM:

CVE            CVSS v2 base score                Summary
CVE-2010-3853  6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)  Vulnerability that may allow local users to gain privileges.
CVE-2010-4707  4.9 (AV:L/AC:L/Au:N/C:C/I:N/A:N)  Vulnerability that may allow local users to cause a denial of service (resource consumption) via a special file.
CVE-2010-3435  4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)  Vulnerability that may allow local users to obtain sensitive information.
CVE-2010-3316  3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N)  Vulnerability that allows local users to read arbitrary files.

In addition to the above, third party software upgrades in CTPView contain fixes to a number of other CVEs which are not exploitable on CTPView or not applicable in the context of CTPView or their impact to CTPView has not been evaluated.
Hence those are not listed here.

Bash package was upgraded to version 3.2.33 to resolve "ShellShock" vulnerabilities (CVE-2014-6271 CVE-2014-7169). However, CTPView was evaluated to be not vulnerable to any remote exploitation risks due to these issues.

SOLUTION:

These vulnerabilities are fixed in CTPView 7.0R1 and later releases.

WORKAROUND:

There are no known workarounds that can be used to mitigate all the above vulnerabilities. Limiting access to CTPView from only trusted hosts would help mitigate Apache, MySQL, sudo and PHP vulnerabilities.

IMPLEMENTATION:

CTPView release 7.0R1 is available for download from http://www.juniper.net/support/downloads/?p=ctpview#sw.

MODIFICATION HISTORY:

2014-11-12: Initial publication.

RELATED LINKS:

  * KB16613: Overview of the Juniper Networks SIRT Monthly Security Bulletin Publication Process
  * KB16765: In which releases are vulnerabilities fixed?
  * KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories
  * Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team

CVSS SCORE:

9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

RISK LEVEL:

Critical

RISK ASSESSMENT:

Vulnerability CVE-2014-3062 has the highest CVSS v2 base score of 9.3 in this advisory.

ACKNOWLEDGEMENTS:

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

   http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.