CVE-2017-6627 Cisco IOS and IOS XE Software UDP Packet Processing Denial of Service Vulnerability (cisco-sa-20170906-ios-udp)

Vulnerability category: Cisco

Vulnerability severity:

Vulnerability information

A vulnerability in the UDP processing code of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service condition.
The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them.

Impact

An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interface queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets.

Solution

Refer to Cisco advisory cisco-sa-20170906-ios-udp for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

cisco-sa-20170906-snmp: CISCO IOS

0daybank

CVE-2017-12611 Apache Struts Freemarker Tag Remote Code Execution Vulnerability (S2-053)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Apache Struts is an open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications.

An RCE attack is possible when a developer uses a wrong construction in Freemarker tags (CVE-2017-12611). Affected software:
Struts 2.0.1 – Struts 2.3.33, Struts 2.5 – Struts 2.5.10

QID detection logic (Authenticated):
Detection looks for “struts core” jar files in the deployed web application directories and the lib folder of the Tomcat server. Once it finds a jar file, the version information is extracted from that jar file and compared.
Please note: Our detection does not support applications deployed with the server configuration unpackWARs=false.

Impact

A remote attacker could exploit this vulnerability to execute arbitrary code.

Solution

The vendor has released advisories and updates to fix these vulnerabilities.
Refer to the following link for further details: Apache Struts Announcements 07 September 2017

Patch:
Following are links for downloading patches to fix the vulnerabilities:

S2-053 (Apache Struts)

CVE-2017-3142 IBM AIX BIND Security Bypass Vulnerability (bind_advisory16)

Vulnerability category: AIX

Vulnerability severity:

Vulnerability information

ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messages to an authoritative DNS server and has knowledge of a valid TSIG key name.

Affected Versions:
AIX 6.1, 7.1
APAR versions:
IV98826m9a, IV98827m3a

Note: The detection requires root privileges to run “emgr -c” to check for patches. In the absence of such privileges, the detection may not output actual results.

Impact

By sending a specially crafted request packet, an attacker could exploit this vulnerability to bypass TSIG authentication on AXFR requests and transfer the target zone.

Solution

The vendor has released fixes to resolve this vulnerability. Refer to AIX bind_advisory16 to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

bind_advisory16

CVE-2017-10108 IBM AIX Java Multiple Vulnerabilities (java_july2017_advisory)

Vulnerability category: AIX

Vulnerability severity:

Vulnerability information

There are multiple vulnerabilities in IBM SDK Java Technology Edition Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in July 2017.

Affected Versions:
AIX 5.3, 6.1, 7.1, 7.2

Impact

Successful exploitation allows remote attackers to affect confidentiality, integrity, and availability.

Solution

The vendor has released fixes to resolve this vulnerability. Refer to AIX java_july2017_advisory to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

java_july2017_advisory: AIX

CVE-2017-11283 Adobe Security Hotfix for ColdFusion (APSB17-30)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Adobe ColdFusion is an application for developing Web sites.

Adobe has released security hotfixes for ColdFusion version 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting), External XML Entity (XXE) Reference and Deserialization of untrusted data.

Affected Versions:
ColdFusion (2016 release) Update 4 and earlier versions
ColdFusion 11 Update 12 and earlier versions

Impact

Depending on the vulnerability being exploited, an unauthenticated, remote attacker could execute arbitrary Java or JavaScript code or exploit XXE.

Solution

The vendor has released a hotfix to patch this vulnerability. Please refer to APSB17-30 for detailed information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB17-30

CVE-2017-11281 Adobe Flash Player Remote Code Execution Vulnerability (APSB17-28)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Adobe Flash Player is a cross-platform plugin that plays animations, videos and sound files in .SWF format.

These vulnerabilities could potentially allow an attacker to take control of the affected system. (CVE-2017-11281, CVE-2017-11282)

Affected Versions:
Adobe Flash Player 26.0.0.151 and earlier.

Impact

Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on a targeted system.

Solution

Customers are advised to refer to APSB17-28 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB17-28: Windows

APSB17-28: MAC OS X

CVE-2017-8676 Microsoft Lync and Skype for Business Security Update for September 2017

Vulnerability category: Office Application

Vulnerability severity:

Vulnerability information

Microsoft released security updates that resolve vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. The following updates were released in September 2017:
CVE-2017-8676: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.
CVE-2017-8695: An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.
CVE-2017-8696: A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

KB Articles associated with this update:
3213568, 4011040, 4011107, 4025865, 4025866, 4025867

Impact

Successful exploitation allows an attacker to execute arbitrary code and bypass security restrictions to gain access to sensitive information.

Solution

Customers are advised to refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

KB4011107

KB4025865

KB4025866

KB4025867

KB3213568

KB4011040

CVE-2017-1000250 Red Hat Update for bluez (RHSA-2017:2685) (Blueborne)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.

An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys. (CVE-2017-1000250)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server – Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Server – AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.4 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.4 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) – 4 Year Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server – 4 Year Extended Update Support 7.4 x86_64

Impact

A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2685 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2685: Red Hat Enterprise Linux

CVE-2017-1000251 Red Hat Update for kernel (RHSA-2017:2682) (Blueborne)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)
Affected Products:
Red Hat Enterprise Linux Server – Extended Update Support 6.7 x86_64
Red Hat Enterprise Linux Server – Extended Update Support 6.7 i386
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 6.7 s390x
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 6.7 ppc64
Red Hat Enterprise Linux EUS Compute Node 6.7 x86_64

Impact

An unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2682 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2682: Red Hat Enterprise Linux

CVE-2017-1000251 Red Hat Update for kernel (RHSA-2017:2680) (Blueborne)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)
Affected Products:
Red Hat Enterprise Linux Server – Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) – 4 Year Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server – 4 Year Extended Update Support 7.3 x86_64

Impact

An unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2680 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2680: Red Hat Enterprise Linux

CVE-2017-1000251 Red Hat Update for kernel (RHSA-2017:2679) (Blueborne)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server – Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.4 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.4 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Virtualization Host 4 x86_64
Red Hat Enterprise Linux Server – TUS 7.4 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) – 4 Year Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server – 4 Year Extended Update Support 7.4 x86_64

Impact

An unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2679 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2679: Red Hat Enterprise Linux

CVE-2017-1000251 Red Hat Update for kernel (RHSA-2017:2681) (Blueborne)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)

Affected Products:
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Impact

An unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2681 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2681: Red Hat Enterprise Linux

CVE-2017-5111 Red Hat Update for chromium-browser (RHSA-2017:2676)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

Chromium is an open-source web browser, powered by WebKit (Blink).

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120)

Affected Products:
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386

Impact

A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2676 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2676: Red Hat Enterprise Linux

CVE-2013-4063 IBM Domino, iNotes Multiple Cross-Site Scripting Vulnerabilities (swg21659959)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

IBM Domino (formerly IBM Lotus Domino) is an advanced platform for hosting social business applications.

IBM Domino is affected with multiple cross-site scripting vulnerabilities which can be exploited by a remote attacker.

Affected Version:
IBM Domino 9.0.0 prior to 9.0.1
IBM Domino 8.5.3 prior to 8.5.3 Fix Pack 6
IBM Domino 8.5.2x
IBM Domino 8.5.1x

QID Detection Logic (Authenticated):
The QID checks for a vulnerable version of IBM Domino by looking at the file version of “nserver.exe”. The path for “nserver.exe” is retrieved via the registry key “HKLM\SOFTWARE\Wow6432Node\Lotus\Domino” value “Path”.

Impact

Successful exploitation of the vulnerability will lead to Cross-Site Scripting attacks.

Solution

Refer to IBM advisory swg21659959 to obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

swg21659959

CVE-2016-4385 HPE Network Automation Java Deserialization Vulnerability (HPSBGN03649)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

HPE Network Automation software automates network configuration and change management (NCCM) from provisioning to policy-based change and security.

HPE Network Automation is affected by a Java object deserialization vulnerability in Apache Commons-Collections and Commons-BeanUtils library which can be exploited remotely allowing remote code execution.

Affected Versions:
HPE Network Automation 9.1x, 9.2x
HPE Network Automation 10.0x prior to 10.00.02.01
HPE Network Automation 10.1x prior to 10.11.00.01

QID detection logic (Authenticated):
Operating Systems: Windows
The QID checks the key “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPE Network Automation” value “DisplayVersion”.
The following versions and interim fixes are checked (HPSBGN03649):
HPE Network Automation 9.1x, 9.2x
HPE Network Automation 10.0x prior to 10.00.02.01
HPE Network Automation 10.1x prior to 10.11.00.01

Impact

Successful exploitation of the vulnerability will lead to remote code execution.

Solution

The vendor has released a fix. Refer to HPSBGN03649 for details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HPSBGN03649

CVE-2017-10664 SUSE Enterprise Linux Security Update for qemu (SUSE-SU-2017:2416-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for qemu to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Desktop 12-SP3

Impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:2416-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:2416-1: SUSE Enterprise Linux

CVE-2017-1000083 SUSE Enterprise Linux Security Update for evince (SUSE-SU-2017:2390-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for evince to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:2390-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:2390-1: SUSE Enterprise Linux

CVE-2014-9922 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2017:2389-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for the Linux kernel to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2017:2389-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:2389-1: SUSE Enterprise Linux

CVE-2016-7458 VMware vCenter Server 6.0 Update 2a Missing (VMSA-2016-0022)

Vulnerability category: VMware

Vulnerability severity:

Vulnerability information

VMware vCenter is the centralized management tool for the vSphere suite. The target is missing Update 2a, which corrects the following security issue:

vCenter Server contains an XML External Entity (XXE) vulnerability in the Log Browser, the Distributed Switch setup, and the Content Library.
vCenter Server and vRealize Automation contain an XML External Entity (XXE) vulnerability in the Single Sign-On functionality.

Impact

A specially crafted XML request issued to the server by an authorized user may lead to unintended information disclosure.

Solution

VMware has issued a fix (vCenter Server 6.0 U2a).

Upgrade vCenter Server Appliance to Build 4541947 or apply the latest VMware vCenter Server Appliance build.

Refer to VMSA-2016-0022 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

VMSA-2016-0022: VMware vCenter Server 6.0

CVE-2017-12943 D-Link Router DIR-600 Authentication Bypass Vulnerability

Vulnerability category: Hardware

Vulnerability severity:

Vulnerability information

D-Link Router DIR-600 discloses admin credentials via LFI leading to authentication bypass.

Affected Routers:
D-Link Router DIR-600 firmware version 2.01B1. Older versions may also be affected.

Detection Logic (Unauthenticated):
This QID actively tries to grab admin password from vulnerable routers.

Impact

An unauthenticated, remote attacker could exploit this vulnerability to retrieve the admin password and gain access to the router’s interface.

Solution

Customers are advised to upgrade to the latest firmware.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MyDLink
