CVE-2016-10200 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3605)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7
Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-3605: Oracle Linux 7

ELSA-2017-3605: Oracle Linux 6

0daybank

CVE-2017-1000117 Oracle Enterprise Linux Security Update for git (ELSA-2017-2484)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for git to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-2484: Oracle Linux 7


CVE-2017-7533 Oracle Enterprise Linux Security Update kernel (ELSA-2017-2473-1)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-2473-1: Oracle Linux 7


CVE-2017-9802 Apache Sling Cross-Site-Scripting Vulnerability

Vulnerability category: CGI

Severity level:

Vulnerability information

Apache Sling is a web framework that uses a Java Content Repository, such as Apache Jackrabbit, to store and manage content.

The JavaScript method Sling.evalString() uses the JavaScript 'eval' function to parse input strings, which allows XSS attacks through specially crafted input strings.

Affected Version:
org.apache.sling.servlets.post bundle up to 2.3.21

Detection Logic:
This QID checks for Apache Sling installations running with default credentials and that have vulnerable versions of Apache Sling Servlet post authentication.

Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary JavaScript code in the victim's browser.

Solution

The vendor has released an updated version, org.apache.sling.servlets.post 2.3.22, to fix this issue. Refer to SLING-7041 for more details on the vulnerability and patches.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SLING-7041


CVE-2017-6923 Drupal Core Multiple Security Vulnerabilities (SA-CORE-2017-004)

Vulnerability category: CGI

Severity level:

Vulnerability information

Drupal is a free and open-source content management framework written in PHP and distributed under the GNU General Public License. It is also used for knowledge management and business collaboration.

Drupal contains the following security vulnerabilities:
CVE-2017-6923: When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.
CVE-2017-6924: When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments.
CVE-2017-6925: There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Affected Versions:
Drupal core 8.x versions prior to 8.3.7

QID Detection Logic:
This QID depends on BlindElephant engine to detect the version of the Drupal installation as active attacks could potentially harm live installations.

Impact

Depending on the vulnerability being exploited, an attacker could bypass security restrictions to post comments or view restricted content.

Solution

Customers are advised to upgrade to Drupal 8.3.7 or later versions to remediate these vulnerabilities.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Drupal 8.3.7


CVE-2014-7975 Oracle Enterprise Linux Security Update for kernel (ELSA-2017-1842-1)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the kernel to fix the vulnerabilities.

Affected Product:
Oracle Linux 7

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-1842-1: Oracle Linux 7


CVE-2017-12904 Debian Security Update for newsbeuter (DSA 3947-1)

Vulnerability category: Debian

Severity level:

Vulnerability information

Debian has released a security update for newsbeuter to fix the vulnerabilities.

Impact

Successful exploitation of the vulnerability will allow a remote attacker to run an arbitrary shell command on the client machine.

Solution

Refer to Debian security advisory DSA 3947-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3947-1: Debian


CVE-2017-6419 Debian Security Update for libmspack (DSA 3946-1)

Vulnerability category: Debian

Severity level:

Vulnerability information

Debian has released a security update for libmspack to fix the vulnerabilities.

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Refer to Debian security advisory DSA 3946-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3946-1: Debian


CVE-2017-3308 Debian Security Update for mariadb-10.0 (DSA 3944-1)

Vulnerability category: Debian

Severity level:

Vulnerability information

Debian has released a security update for mariadb-10.0 to fix the vulnerabilities.

Impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Refer to Debian security advisory DSA 3944-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3944-1: Debian


CVE-2016-4397 HPE Network Node Manager i (NNMi) Local Code Execution Vulnerability

Vulnerability category: Local

Severity level:

Vulnerability information

A potential security vulnerability was identified in HPE Network Node Manager i (NNMi) Software. The vulnerability can result in local code execution.

Affected Software:
HPE Network Node Manager i (NNMi) Software 10.00, 10.01, 10.10, 10.20.

Impact

Successful exploitation allows an attacker to execute arbitrary code on a targeted system.

Solution

Customers are advised to refer to HPSBGN03657 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HPSBGN03657: Windows (Network Node Manager i 10.01)

HPSBGN03657: Windows (Network Node Manager i 10.10)

HPSBGN03657: Windows (Network Node Manager i 10.20)


CVE-2017-7543 Red Hat Update for openstack-neutron (RHSA-2017:2449)

Vulnerability category: RedHat

Severity level:

Vulnerability information

OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines.

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. (CVE-2017-7543)

Affected Products
Red Hat OpenStack 11 x86_64

Impact

An attacker could access exposed tenant VMs and network resources.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2449 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2449: Red Hat Enterprise Linux


CVE-2017-1000115 Red Hat Update for mercurial (RHSA-2017:2489)

Vulnerability category: RedHat

Severity level:

Vulnerability information

Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. (CVE-2017-1000115)
A shell command injection flaw related to the handling of “ssh” URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a “checkout” or “update” action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000116)

Affected Products
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server – Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Server – AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.4 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.4 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server – TUS 7.4 x86_64

Impact

An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. (CVE-2017-1000115)
A shell command injection flaw can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a “checkout” or “update” action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000116)

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2489 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2489: Red Hat Enterprise Linux


CVE-2017-10951 Foxit Reader Multiple Remote Code Execution Vulnerabilities (Zero Day)

Vulnerability category: Local

Severity level:

Vulnerability information

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.

Foxit Reader is prone to the following vulnerabilities:

A. Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability
B. Foxit Reader saveAs Arbitrary File Write Remote Code Execution Vulnerability

Impact

Successful exploitation allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader.

Solution

Solution is not available.

Workaround:

Foxit Reader has a Safe Reading Mode, enabled by default, that controls the running of JavaScript and can effectively guard against potential vulnerabilities from unauthorized JavaScript actions.


CVE-2016-10200 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2017-3607)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-3607: Oracle Linux 6


CVE-2017-1134 IBM Tivoli System Automation for Multiplatforms Privilege Escalation Vulnerability (swg21998459)

Vulnerability category: Local

Severity level:

Vulnerability information

A privilege escalation vulnerability affects IBM Reliable Scalable Cluster Technology shipped with IBM Tivoli System Automation for Multiplatforms.

Affected Products:
IBM Tivoli System Automation for Multiplatforms 4.1 and 3.2.2.9.

QID Detection Logic:
This authenticated QID checks the output of the command "/usr/sbin/rsct/bin/samversion".

Impact

This vulnerability could be exploited to gain root access.

Solution

Customers are advised to refer to swg21998459 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

swg21998459 (IBM Tivoli System Automation for Multiplatforms)


NetSarang Multiple Products Backdoor Vulnerability (ShadowPad)

Vulnerability category: Local

Severity level:

Vulnerability information

NetSarang Computer, Inc. develops, markets and supports secure connectivity solutions in the global market. The company develops a family of PC X server and SSH client software for PC-to-Unix and PC-to-Linux, and is expanding its TCP/IP network technologies to other Internet businesses.

It was found that NetSarang's update mechanism was recently hijacked and a backdoor was silently inserted into the software update, so that the malicious code would be silently delivered to all of its clients with NetSarang's legitimate signed certificate.

Affected Version:
Xmanager Enterprise 5 Build 1232
Xmanager 5 Build 1045
Xshell 5 Build 1322
Xftp 5 Build 1218
Xlpd 5 Build 1220

Detection Logic:
This QID checks for affected product’s build version in the registry and its associated executable.

Impact

An unauthenticated, remote attacker could exploit compromised targets.

Solution

Customers are advised to download the latest packages from NetSarang Product Downloads.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Downloads


CVE-2017-1000115 Oracle Enterprise Linux Security Update for mercurial (ELSA-2017-2489)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for mercurial to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-2489: Oracle Linux 7


CVE-2016-6814 Oracle Enterprise Linux Security Update for groovy (ELSA-2017-2486)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for groovy to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-2486: Oracle Linux 7


CVE-2017-1000117 Oracle Enterprise Linux Security Update for git (ELSA-2017-2485)

Vulnerability category: OEL

Severity level:

Vulnerability information

Oracle Enterprise Linux has released a security update for git to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-2485: Oracle Linux 6


CVE-2017-10686 Fedora Security Update for nasm (FEDORA-2017-a1fe6d2b86)

Vulnerability category: Fedora

Severity level:

Vulnerability information

Fedora has released a security update for nasm to fix the vulnerability.

Affected OS:
Fedora 25

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-a1fe6d2b86: Fedora 25
