SB16-032: Vulnerability Summary for the Week of January 25, 2016

Original release date: February 01, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

cisco — modular_encoding_platform_d9036_software
Description: Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
Published: 2016-01-22
CVSS Score: 10.0
Source & Patch Info: CVE-2015-6412; CISCO

cisco — unified_computing_system
Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
Published: 2016-01-22
CVSS Score: 10.0
Source & Patch Info: CVE-2015-6435; CISCO

debian — fuse
Description: An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
Published: 2016-01-26
CVSS Score: 7.2
Source & Patch Info: CVE-2016-1233; DEBIAN

google — chrome
Description: Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Published: 2016-01-25
CVSS Score: 9.3
Source & Patch Info: CVE-2016-1620; CONFIRM (28 references)

google — chrome
Description: Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Published: 2016-01-25
CVSS Score: 7.5
Source & Patch Info: CVE-2016-2052; CONFIRM (3 references)

harman — amx_firmware
Description: The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.
Published: 2016-01-22
CVSS Score: 10.0
Source & Patch Info: CVE-2015-8362; CERT-VN, MISC, CONFIRM, CONFIRM, FULLDISC, MISC

harman — amx_firmware
Description: The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.
Published: 2016-01-22
CVSS Score: 10.0
Source & Patch Info: CVE-2016-1984; CERT-VN, CONFIRM, CONFIRM, MISC, FULLDISC, MISC

hospira — lifecare_pca_infusion_system
Description: Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.
Published: 2016-01-22
CVSS Score: 10.0
Source & Patch Info: CVE-2015-7909; MISC

lexmark — printer_firmware
Description: Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
Published: 2016-01-27
CVSS Score: 10.0
Source & Patch Info: CVE-2016-1896; CONFIRM

microsys — promotic
Description: Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
Published: 2016-01-26
CVSS Score: 7.1
Source & Patch Info: CVE-2016-0869; MISC, CONFIRM

Medium Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

cakephp — cakephp
Description: CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Published: 2016-01-26
CVSS Score: 6.8
Source & Patch Info: CVE-2015-8379; CONFIRM, BUGTRAQ, FULLDISC, MISC, MISC, MISC, CONFIRM

cisco — identity_services_engine_software
Description: Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
Published: 2016-01-23
CVSS Score: 6.8
Source & Patch Info: CVE-2015-6317; CISCO

cisco — application_policy_infrastructure_controller_enterprise_module
Description: Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.
Published: 2016-01-26
CVSS Score: 4.3
Source & Patch Info: CVE-2015-6337; CISCO

cisco — unified_contact_center_express
Description: Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033.
Published: 2016-01-26
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1298; CISCO

cisco — unity_connection
Description: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
Published: 2016-01-27
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1300; CISCO

ecryptfs — ecryptfs-utils
Description: mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
Published: 2016-01-22
CVSS Score: 4.6
Source & Patch Info: CVE-2016-1572; UBUNTU, DEBIAN, CONFIRM, CONFIRM, MLIST

google — chrome
Description: The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
Published: 2016-01-25
CVSS Score: 6.8
Source & Patch Info: CVE-2016-1612; CONFIRM (4 references)

google — chrome
Description: Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to improper tracking of the destruction of (1) IPWL_FocusHandler and (2) IPWL_Provider objects.
Published: 2016-01-25
CVSS Score: 6.8
Source & Patch Info: CVE-2016-1613; CONFIRM (4 references)

google — chrome
Description: The UnacceleratedImageBufferSurface class in WebKit/Source/platform/graphics/UnacceleratedImageBufferSurface.cpp in Blink, as used in Google Chrome before 48.0.2564.82, mishandles the initialization mode, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Published: 2016-01-25
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1614; CONFIRM (3 references)

google — chrome
Description: The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document’s origin via unspecified vectors.
Published: 2016-01-25
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1615; CONFIRM (2 references)

google — chrome
Description: The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
Published: 2016-01-25
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1616; CONFIRM (3 references)

google — chrome
Description: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.
Published: 2016-01-25
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1617; CONFIRM (3 references)

google — chrome
Description: Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
Published: 2016-01-25
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1618; CONFIRM (3 references)

google — chrome
Description: Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
Published: 2016-01-25
CVSS Score: 6.8
Source & Patch Info: CVE-2016-1619; CONFIRM (3 references)

google — chrome
Description: Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Published: 2016-01-25
CVSS Score: 6.8
Source & Patch Info: CVE-2016-2051; CONFIRM

greenbone — greenbone_os
Description: Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.
Published: 2016-01-26
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1926; MISC, BUGTRAQ, CONFIRM, CONFIRM, MISC

ibm — rational_software_architect
Description: Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Published: 2016-01-27
CVSS Score: 4.3
Source & Patch Info: CVE-2015-7439; CONFIRM

ibm — change_and_configuration_management_database
Description: IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files.
Published: 2016-01-27
CVSS Score: 4.9
Source & Patch Info: CVE-2015-7487; CONFIRM

ibm — websphere_portal
Description: Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2016-01-27
CVSS Score: 4.3
Source & Patch Info: CVE-2016-0209; CONFIRM

lenovo — shareit
Description: Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
Published: 2016-01-26
CVSS Score: 4.3
Source & Patch Info: CVE-2016-1489; CONFIRM, MISC, FULLDISC

privoxy — privoxy
Description: The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
Published: 2016-01-27
CVSS Score: 5.0
Source & Patch Info: CVE-2016-1982; CONFIRM, MLIST, MLIST

privoxy — privoxy
Description: The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
Published: 2016-01-27
CVSS Score: 5.0
Source & Patch Info: CVE-2016-1983; CONFIRM, MLIST, MLIST, CONFIRM

tuxfamily — chrony
Description: chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a “skeleton key.”
Published: 2016-01-26
CVSS Score: 6.8
Source & Patch Info: CVE-2016-1567; FEDORA, MISC, CONFIRM

wolfssl — wolfssl
Description: wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
Published: 2016-01-22
CVSS Score: 5.0
Source & Patch Info: CVE-2015-6925; CONFIRM, MISC, CONFIRM

xen — xen
Description: The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
Published: 2016-01-22
CVSS Score: 6.9
Source & Patch Info: CVE-2016-1570; CONFIRM, SECTRACK

xen — xen
Description: The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
Published: 2016-01-22
CVSS Score: 4.7
Source & Patch Info: CVE-2016-1571; CONFIRM, SECTRACK

Low Vulnerabilities

Columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

ibm — websphere_application_server
Description: Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.
Published: 2016-01-23
CVSS Score: 3.5
Source & Patch Info: CVE-2015-7417; CONFIRM, AIXAPAR

ibm — spectrum_scale
Description: IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors.
Published: 2016-01-27
CVSS Score: 2.1
Source & Patch Info: CVE-2015-7488; CONFIRM

lenovo — shareit
Description: The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
Published: 2016-01-26
CVSS Score: 2.7
Source & Patch Info: CVE-2016-1490; CONFIRM, MISC, FULLDISC

lenovo — shareit
Description: The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
Published: 2016-01-26
CVSS Score: 3.3
Source & Patch Info: CVE-2016-1491; CONFIRM, MISC, FULLDISC

lenovo — shareit
Description: The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
Published: 2016-01-26
CVSS Score: 2.9
Source & Patch Info: CVE-2016-1492; CONFIRM, MISC, FULLDISC

wolfssl — wolfssl
Description: wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
Published: 2016-01-22
CVSS Score: 2.6
Source & Patch Info: CVE-2015-7744; CONFIRM, MISC, MISC, CONFIRM, CONFIRM

How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds

In a joint surveillance program, the US intelligence agency NSA (National Security Agency) and the British intelligence agency GCHQ (Government Communications Headquarters) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets.

This could be one of the most shocking and embarrassing

Netlife Photosuite Pro – Client Side Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on Feb 01

Document Title:
===============
Netlife Photosuite Pro – Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
====================================
1692

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:…

CESA-2016:0083 Important CentOS 7 qemu-kvm Security Update

CentOS Errata and Security Advisory 2016:0083 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0083.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
4b32c17ff1beedcb1f6061718d320fabefdfbc097c158d4b1dae708fd42fdcea  libcacard-1.5.3-105.el7_2.3.i686.rpm
e67108224ae1a48a7e3fe50c844eb72cbb1f2577e14a8b4125223a7733fae0d1  libcacard-1.5.3-105.el7_2.3.x86_64.rpm
d87a6e35540834492782b7b8912a4585aa1aed9bc8e8be2411869ac629992b2e  libcacard-devel-1.5.3-105.el7_2.3.i686.rpm
de52616bc23aa304b8e5754dbd01ea01885be400a7c1971f175a71a4c319c8e2  libcacard-devel-1.5.3-105.el7_2.3.x86_64.rpm
9d5121b15522703d568ef24aa6445d70aa25cce27bff49c94ebebe0d484b461e  libcacard-tools-1.5.3-105.el7_2.3.x86_64.rpm
f6b81452aa1929447d9bc9b1801276e11c20f356a5fffff4817994da23073ce6  qemu-img-1.5.3-105.el7_2.3.x86_64.rpm
21eaddeefef89775defa32724cb48d501184212b8d05d128a3c83911c1fc2099  qemu-kvm-1.5.3-105.el7_2.3.x86_64.rpm
89bb7aa5f7b8d0ed361b7b9090f7a3a508213829237da9e39b3a1d7a674b4fcc  qemu-kvm-common-1.5.3-105.el7_2.3.x86_64.rpm
eb6f93064a64451b608d32f292e94fad18c53a16790507fe2d97bf1d0b78e006  qemu-kvm-tools-1.5.3-105.el7_2.3.x86_64.rpm

Source:
f963af3a6d471d8b82c5afef2fc76ef4f1dd3985e10ceafe2b04e04ef1571bf4  qemu-kvm-1.5.3-105.el7_2.3.src.rpm

CESA-2016:0082 Important CentOS 6 qemu-kvm Security Update

CentOS Errata and Security Advisory 2016:0082 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0082.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a1f7d969256f40bceda80f8b528483daa4c46ffd1aa161d688b5213e82534728  qemu-guest-agent-0.12.1.2-2.479.el6_7.4.i686.rpm

x86_64:
1e0bbdb48082401bf939242e8365ed87d978d810461fd5f5f8a07fb27cc68908  qemu-guest-agent-0.12.1.2-2.479.el6_7.4.x86_64.rpm
5659db7806844d947e48a239a10e171bfe614f6ec55e41dc4456bbf681ed93a3  qemu-img-0.12.1.2-2.479.el6_7.4.x86_64.rpm
02c1fb0cf175af0ef966c9bdba504598dcc296acd84943e84c6950b660119858  qemu-kvm-0.12.1.2-2.479.el6_7.4.x86_64.rpm
3a706f6a6c9dd68d53403d9bf28e0460d166ccb14b5e236cb3a570fed8981945  qemu-kvm-tools-0.12.1.2-2.479.el6_7.4.x86_64.rpm

Source:
15dd53d31a04e2fbff8ed17825a00a8db774e4b765d21cb8e425dfa7f420e1ed  qemu-kvm-0.12.1.2-2.479.el6_7.4.src.rpm

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Do you know?… Any iOS app downloaded from Apple’s official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge.

Yes, it is possible, and you could end up downloading malware on your iPhone or iPad.

Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store.

Although