CVE-2017-7826 Red Hat Update for firefox (RHSA-2017:3247)

Vulnerability category: RedHat

Severity level:

Vulnerability information

Mozilla Firefox is an open source web browser.

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)

Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server - TUS 7.4 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - 4 Year Extended Update Support 7.4 ppc64le
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.4 x86_64

Impact

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:3247 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:3247: Red Hat Enterprise Linux

0daybank

CVE-2017-10266 Oracle Tuxedo and PeopleSoft Multiple Vulnerabilities

Vulnerability category: Local

Severity level:

Vulnerability information

Oracle Tuxedo is an application server for non-Java languages. It provides a bunch of facilities that help customers build and deploy enterprise applications written in C, C++, COBOL, and with the SALT add-on applications written in Python and Ruby. As an application server, it provides containers to host your business logic written in those languages.

Oracle Jolt is a Java-based client API that manages requests to Oracle Tuxedo services via a Jolt Service Listener (JSL) running on the Tuxedo server. The Jolt API is embedded within the WebLogic API, and is accessible from a servlet or any other Oracle WebLogic application.

Jolt server within Oracle Tuxedo suffers from multiple vulnerabilities. Since Oracle PeopleSoft products include and use Oracle Tuxedo in their distributions, these vulnerabilities also affect Oracle PeopleSoft.

Affected Versions:
Oracle Tuxedo versions 12.1.3.0.0 prior to Patch Level RP100
Oracle Tuxedo versions 12.1.1.0.0 prior to Patch Level RP089
Oracle Tuxedo versions 12.2.2.0.0 prior to Patch Level RP023
Oracle Tuxedo versions 11.1.1.2.0 prior to Patch Level RP179
Oracle Tuxedo versions 11.1.1.3.0 prior to Patch Level RP035

QID Detection Logic (Authenticated):
This QID looks for the Jolt Server binary 'JSL' on the target and checks whether its modification date is earlier than that of the patched binary.

Impact

An unauthenticated, remote attacker could exploit these vulnerabilities to retrieve logged-in users' credentials from the target server running Oracle Tuxedo.

Solution

Customers are advised to refer to Oracle Security Alert Advisory - CVE-2017-10269 for information pertaining to remediating this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Oracle Security Alert Advisory-CVE-2017-10269


CVE-2017-4934 VMware Workstation and Fusion Multiple Vulnerabilities (VMSA-2017-0018)

Vulnerability category: Local

Severity level:

Vulnerability information

VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems.

Multiple vulnerabilities were reported in VMware Workstation and Fusion.
A local user on the guest system can trigger a heap overflow in the VMNAT device to execute arbitrary code on the host system [CVE-2017-4934].
A local user on the guest system can trigger an out-of-bounds memory write error in Cortado ThinPrint ('TPView.dll') to cause denial of service conditions or execute arbitrary code on the host system [CVE-2017-4935]. Systems with virtual printing enabled are affected. VMware Fusion is not affected.
A local user on the guest system can trigger an out-of-bounds memory read error in the JPEG2000 parser of Cortado ThinPrint ('TPView.dll') to cause denial of service conditions or execute arbitrary code on the host system [CVE-2017-4936, CVE-2017-4937]. Systems with virtual printing enabled are affected.
A local user on the guest system can trigger an RPC null pointer dereference to cause the guest system to crash [CVE-2017-4938].
A local user can exploit a DLL hijacking flaw in the installer to potentially execute arbitrary code [CVE-2017-4939].

Affected Versions:
VMware Fusion prior to 8.5.9
VMware Workstation prior to 12.5.8

Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of vmware.exe and Fusion.

Impact

A local user on the guest system can cause denial of service conditions on the guest system.
A local user on the guest system can gain elevated privileges on the host system.

Solution

VMware has issued a fix (Fusion 8.5.9, Workstation 12.5.8).
Refer to VMSA-2017-0018 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

VMSA-2017-0018: Windows

VMSA-2017-0018: Mac OS X


CVE-2011-1937 Webmin prior to 1.500 Multiple Vulnerabilities

Vulnerability category: CGI

Severity level:

Vulnerability information

Webmin is a Web-based interface for system administration of Unix and Linux operating systems. Webmin prior to 1.500 suffers from several critical vulnerabilities.

Affected Software:
Webmin Versions prior to 1.500

QID Detection Logic (Unauthenticated):
This QID identifies a vulnerable version of the Webmin server based on an HTTP response header.

Impact

This system is exposed to multiple vulnerabilities and is at a high risk of being exploited.

Solution

Customers are advised to upgrade to the latest Webmin version.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Download Webmin


CVE-2017-5711 Intel Active Management Technology Multiple Remote Code Execution Vulnerabilities

Vulnerability category: General remote services

Severity level:

Vulnerability information

The following buffer overflow conditions exist in Intel Active Management Technology (AMT):
CVE-2017-5711: Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow an attacker with local access to the system to execute arbitrary code with AMT execution privilege.
CVE-2017-5712: Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows an attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

Affected Versions:
Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20

QID Detection Logic (Un-authenticated):
When enabled, Intel AMT exposes its version remotely on TCP ports 16992 and 16993. This QID matches vulnerable versions based on the exposed information.

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.

Solution

Customers are advised to refer to INTEL-SA-00086 for information pertaining to remediating this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

INTEL-SA-00086


CVE-2017-12635 Apache CouchDB Multiple Vulnerabilities

Vulnerability category: Database

Severity level:

Vulnerability information

Apache CouchDB is a free open source document oriented database written in the Erlang programming language.

This Apache CouchDB update fixes the following vulnerabilities:
CVE-2017-12635: Remote Code Execution.
CVE-2017-12636: Execution of arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Affected Versions:

Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1

QID Detection Logic (Remote):
It checks for a vulnerable version of Apache CouchDB.

Impact

Successful exploitation of these vulnerabilities could allow a remote attacker to conduct unspecified attacks.

Solution

Customers are advised to upgrade Apache CouchDB.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Apache CouchDB


CVE-2017-2750 HP Printers Remote Code Execution Vulnerability

Vulnerability category: Web server

Severity level:

Vulnerability information

A remote code execution vulnerability has been identified in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, and HP OfficeJet Enterprise printers. The vulnerability exists due to insufficient DLL signature validation.

This vulnerability affects approximately 50 enterprise printers. Please refer to the advisory in the solution section for more information about products affected.

QID Detection Logic (unauthenticated):
This QID detects the vulnerable version of HP Printer via "hp/device/InternalPages/Index?id=ConfigurationPage" web page.

Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the printer.

Solution

Customers are advised to refer to HP Security Bulletin-c05839270 for information pertaining to remediating this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

c05839270


CVE-2016-4570 SUSE Enterprise Linux Security Update for mxml (SUSE-SU-2017:3060-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for mxml to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4

Impact

This vulnerability can be used to cause a complete denial of service and could render the resource completely unavailable.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2017:3060-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3060-1: SUSE Enterprise Linux


CVE-2017-11534 SUSE Enterprise Linux Security Update for GraphicsMagick (SUSE-SU-2017:3056-1)

Vulnerability category: SUSE

Severity level:

Vulnerability information

SUSE has released a security update for GraphicsMagick to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2017:3056-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:3056-1: SUSE Enterprise Linux


CVE-2017-1000229 Ubuntu Security Notification for Optipng Vulnerability (USN-3495-1)

Vulnerability category: Ubuntu

Severity level:

Vulnerability information

It was discovered that OptiPNG incorrectly handled memory.

Impact

A remote attacker could use this issue with a specially crafted image file to cause OptiPNG to crash, resulting in a denial of service, or possibly execute arbitrary code.

Solution

Refer to Ubuntu advisory USN-3495-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3495-1: 16.04 (Xenial) on src (optipng)

USN-3495-1: 17.10 (artful) on src (optipng)

USN-3495-1: 17.04 (zesty) on src (optipng)

USN-3495-1: 14.04 (Kylin) on src (optipng)
