Vulnerability ID: CVE-2014-0191 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2017:1366-1)

Vulnerability Category: SUSE

Severity Level:

Vulnerability Information

SUSE has released a security update for libxml2 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP1

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:1366-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1366-1: SUSE Enterprise Linux


Vulnerability ID: CVE-2017-7494 Debian Security Update for samba (DSA 3860-1)

Vulnerability Category: Debian

Severity Level:

Vulnerability Information

Debian has released a security update for samba to fix the vulnerabilities.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

Refer to Debian security advisory DSA 3860-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3860-1: Debian


Vulnerability ID: CVE-2017-7494 Oracle Enterprise Linux Security Update for samba4 (ELSA-2017-1271)

Vulnerability Category: OEL

Severity Level:

Vulnerability Information

Oracle Enterprise Linux has released a security update for samba4 to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-1271: Oracle Linux 6


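Vulnerability ID: CVE-2017-7494 Samba Writable Share Remote Code Execution Vulnerability

Vulnerability Category: General remote services

Severity Level:

Vulnerability Information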

Samba is a freely available file and printer sharing application. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms.

The vulnerability allows a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Affected Versions:
Samba versions from 3.5.0 onwards, prior to 4.6.4, 4.5.10 and 4.4.14, are vulnerable.

QID Detection Logic (Authenticated):
On Unix systems, this QID detects vulnerable Samba versions by launching the smbstatus command.
QID Detection Logic (Unauthenticated):
This unauthenticated detection works by getting the version remotely via samba.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

Customers are advised to install Samba 4.6.4, 4.5.10, 4.4.14 or later versions to remediate this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Samba 4.6.4, 4.5.10, 4.4.14 or later


Vulnerability ID: CVE-2017-7494 Enterprise Linux Security Update (ELSA-2017-1270)

Vulnerability Category: OEL

Severity Level:

Vulnerability Information

Oracle Enterprise Linux has released a security update for samba to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7
Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-1270: Oracle Linux 7

ELSA-2017-1270: Oracle Linux 6


Vulnerability ID: CVE-2016-2125 Enterprise Linux Security Update (ELSA-2017-1265)

Vulnerability Category: OEL

Severity Level:

Vulnerability Information

Oracle Enterprise Linux has released a security update for samba to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-1265: Oracle Linux 7


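Vulnerability ID: VideoLAN VLC Media Player Subtitle Remote Code Execution Vulnerability

Vulnerability Category: Local

Severity Level:

Vulnerability Information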

VLC media player is a portable, free and open-source, cross-platform media player and streaming media server written by the VideoLAN project. An unauthenticated remote attacker can upload a specially crafted Subtitles file to the online repository that, when loaded by VLC users, triggers an arbitrary code execution.

Affected Version
VLC Media Player versions prior to 2.2.5.1

Detection Logic (Authenticated):
This QID checks for VLC Media Player versions less than 2.2.5.1

Impact

On successful exploitation it allows remote attackers to execute arbitrary code via a crafted subtitles file.

Solution

Customers are advised to download the latest version from the VLC Media Player download page.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

VLC 2.2.5.1


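Vulnerability ID: CVE-2017-8535 Microsoft Malware Protection Engine Privilege Escalation Vulnerability

Vulnerability Category: Local

Severity Level:

Vulnerability Information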

The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products.

Microsoft is releasing this out-of-band CVE information to announce that a security update is available for the Microsoft Malware Protection Engine. Microsoft recommends that customers verify that the update is installed, and if necessary, take steps to install the update.

QID Detection Logic (Authenticated):
The authenticated check looks for the version of mpengine.dll file.

Impact

An attacker who successfully exploited this vulnerability could run code with system privileges.

Solution

Manually update the Malware Protection Engine if it is not updated automatically.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CVE-2017-8535: Windows

CVE-2017-8536: Windows

CVE-2017-8537: Windows

CVE-2017-8538: Windows

CVE-2017-8539: Windows

CVE-2017-8540: Windows

CVE-2017-8541: Windows

CVE-2017-8542: Windows


Vulnerability ID: CVE-2017-7494 CentOS Security Update for Samba

Vulnerability Category: CentOS

Severity Level:

Vulnerability Information

CentOS has released a security update for Samba to fix the vulnerabilities.

Affected Products:

CentOS 7

QID Detection Logic (Authenticated):
For CentOS version 6, the following packages are checked for versions less than “3.6.23-43.el6_9”:
samba, libsmbclient, libsmbclient-devel, samba-client, samba-common, samba-debuginfo, samba-doc, samba-domainjoin-gui, samba-swat, samba-winbind, samba-winbind-clients, samba-winbind-devel, samba-winbind-krb5-locator, samba-glusterfs.

For CentOS version 7, the following packages are checked for versions less than “4.4.4-14.el7_3”:
samba, libsmbclient, libsmbclient-devel, libwbclient, libwbclient-devel, samba-client, samba-client-libs, samba-common, samba-common-libs, samba-common-tools, samba-dc, samba-dc-libs, samba-debuginfo, samba-devel, samba-krb5-printing, samba-libs, samba-pidl, samba-python, samba-test, samba-test-libs, samba-vfs-glusterfs, samba-winbind, samba-winbind-clients, samba-winbind-krb5-locator, samba-winbind-modules, ctdb, ctdb-tests.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the CentOS 7 advisory for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CentOS 7

CentOS 6


Vulnerability ID: CVE-2016-0757 Red Hat Enterprise Linux OpenStack Platform (Kilo) Update for glance (RHSA-2016:0352)

Vulnerability Category: Local

Severity Level:

Vulnerability Information

OpenStack Image Service (glance) provides discovery, registration, and delivery services for disk and server images.

An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from ‘active’ to ‘queue’. A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings. Only environments with show_multiple_locations set to true (not default) were affected. (CVE-2016-0757)

Impact

A malicious tenant could exploit this flaw to silently replace owned image data, regardless of its original creator or visibility settings.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2016:0352 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2016:0352: Red Hat Enterprise Linux


Vulnerability ID: CVE-2016-2140 Red Hat Enterprise Linux OpenStack Platform (Kilo) Update for libvirt (RHSA-2016:0363)

Vulnerability Category: Local

Severity Level:

Vulnerability Information

OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter.

An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. Only setups using libvirt with raw storage and “use_cow_images = False” were affected. (CVE-2016-2140)

Impact

On successful exploitation it allows remote authenticated users to read arbitrary files and execute code on the machine.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2016:0363 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2016:0363: Linux


Vulnerability ID: CVE-2017-8798 Ubuntu Security Notification for Miniupnpc Vulnerability (USN-3298-1)

Vulnerability Category: Ubuntu

Severity Level:

Vulnerability Information

It was discovered that MiniUPnP incorrectly handled memory.

Impact

A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

Solution

Refer to Ubuntu advisory USN-3298-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3298-1: 14.04 (Kylin) on src (libminiupnpc8)

USN-3298-1: 16.10 (Yakkety) on src (libminiupnpc10)

USN-3298-1: 16.04 (Xenial) on src (libminiupnpc10)


Vulnerability ID: CVE-2016-9601 Ubuntu Security Notification for Jbig2dec Vulnerabilities (USN-3297-1)

Vulnerability Category: Ubuntu

Severity Level:

Vulnerability Information

It was discovered that jbig2dec incorrectly handled memory when decoding malformed image files.


Impact

If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-9601)

If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7885)

If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-7975)

If a user or automated system were tricked into processing a specially crafted JBIG2 image file, a remote attacker could cause jbig2dec to crash, resulting in a denial of service, or possibly disclose sensitive information. (CVE-2017-7976)


Vulnerability ID: CVE-2017-7494 Ubuntu Security Notification for Samba Vulnerability (USN-3296-1)

Vulnerability Category: Ubuntu

Severity Level:

Vulnerability Information

It was discovered that Samba incorrectly handled shared libraries.

Impact

A remote attacker could use this flaw to upload a shared library to a writable share and execute arbitrary code.

Solution

Refer to Ubuntu advisory USN-3296-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3296-1: 16.04 (Xenial) on src (samba)

USN-3296-1: 17.04 (zesty) on src (samba)

USN-3296-1: 16.10 (Yakkety) on src (samba)

USN-3296-1: 14.04 (Kylin) on src (samba)


Vulnerability ID: CVE-2017-7494 Red Hat Update for samba4 (RHSA-2017-1271)

Vulnerability Category: RedHat

Severity Level:

Vulnerability Information

Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Affected Products
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Impact

A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1271 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1271: Red Hat Enterprise Linux


Vulnerability ID: CVE-2017-7494 Red Hat Update for samba (RHSA-2017-1270)

Vulnerability Category: RedHat

Severity Level:

Vulnerability Information

Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Affected Products
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server – Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server – AUS 7.3 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) 7 x86_64
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) – Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server – TUS 7.3 x86_64

Impact

A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1270 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1270: Red Hat Enterprise Linux


Vulnerability ID: CVE-2017-8779 Red Hat Update for libtirpc (RHSA-2017-1268)

Vulnerability Category: RedHat

Severity Level:

Vulnerability Information

The libtirpc packages contain SunLib’s implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.

It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

Affected Products
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Impact

An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1268 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1268: Red Hat Enterprise Linux


Vulnerability ID: CVE-2017-8779 Red Hat Update for rpcbind (RHSA-2017-1267)

Vulnerability Category: RedHat

Severity Level:

Vulnerability Information

The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses.

It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

Affected Products
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Impact

An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1267 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1267: Red Hat Enterprise Linux


Vulnerability ID: CVE-2017-2135 WordPress WP-Statistics Plugin Cross-Site Scripting Vulnerability

Vulnerability Category: CGI

Severity Level:

Vulnerability Information

WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WP-Statistics is a plugin for WordPress visitor statistics.

A cross-site scripting vulnerability in WP Statistics allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Versions:
WP Statistics versions 12.0.1 and prior

QID Detection Logic:
This unauthenticated detection depends on the BlindElephant engine to detect the version of the WP-Statistics plugin in any WordPress installation as active attacks could potentially harm live installations.

Impact

Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user’s browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.

Solution

Customers are advised to upgrade their WordPress plugin to WP Statistics 12.0.2 or later versions to remediate this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

WP Statistics 12.0.2 or later


Vulnerability ID: CVE-2017-2136 WordPress WP-Statistics Plugin Multiple Cross-Site Scripting Vulnerabilities

Vulnerability Category: CGI

Severity Level:

Vulnerability Information

WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WP-Statistics is a plugin for WordPress visitor statistics.

The WP-Statistics WordPress plugin contains the following vulnerabilities:
CVE-2017-2136: Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVE-2017-2147: Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Versions:
WP Statistics versions 12.0.4 and prior

QID Detection Logic:
This unauthenticated detection depends on the BlindElephant engine to detect the version of the WP-Statistics plugin in any WordPress installation as active attacks could potentially harm live installations.

Impact

Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user’s browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.

Solution

Customers are advised to upgrade their WordPress plugin to WP Statistics 12.0.5 or later versions to remediate this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

WP Statistics 12.0.5 or later
