Monthly Archives: July 2016

Security

Red Hat Security Advisory 2016-1377-01

Red Hat Security Advisory 2016-1377-01 – OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node’s /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node’s full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

Security

Red Hat Security Advisory 2016-1378-01

Red Hat Security Advisory 2016-1378-01 – OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node’s /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node’s full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

Security

Red Hat Security Advisory 2016-1380-01

Red Hat Security Advisory 2016-1380-01 – Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.

US-CERT

TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities

Original release date: July 05, 2016

Systems Affected

All Symantec and Norton branded antivirus products

Overview

Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

Description

The vulnerabilities are listed below:

CVE-2016-2207

  • Symantec Antivirus multiple remote memory corruption unpacking RAR [1]

CVE-2016-2208

  • Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction. [2]

CVE-2016-2209 

  • Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow [3]

CVE-2016-2210

  • Symantec: Remote Stack Buffer Overflow in dec2lha library [4]         

CVE-2016-2211

  • Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives [5]

CVE-2016-3644

  • Symantec: Heap overflow modifying MIME messages [6]      

CVE-2016-3645

  • Symantec: Integer Overflow in TNEF decoder [7]       

CVE-2016 -3646

  • Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink [8]

 

Impact

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

Solution

Symantec has provided patches or hotfixes to these vulnerabilities in their SYM16-008 [9] and SYM16-010 [10] security advisories.

US-CERT encourages users and network administrators to patch Symantec or Norton antivirus products immediately. While there has been no evidence of exploitation, the ease of attack, widespread nature of the products, and severity of the exploit may make this vulnerability a popular target.

References

Revision History

  • July 5, 2016: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.