Original release date: July 18, 2016

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.1.7. Exploitation of  this vulnerability could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Drupal’s Security Advisory and apply the necessary update.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 18, 2016

Apple has released security updates for iTunes, Safari, tvOS, watchOS, iOS, and OS X El Captain. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

• iTunes 12.4.2 for Windows 7 and later
• Safari 9.1.2 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.6
• tvOS 9.2.1 for Apple TV (4th generation)
• watchOS 2.2.2 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
• iOS 9.3.3 for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
• OS X El Capitan v10.11.6 and Security Update 2016-004 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later

US-CERT encourages users and administrators to review Apple security updates for iTunes, Safari, tvOS, watchOS, iOS, and OS X El Captain and apply the necessary updates.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 18, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 14, 2016

Cisco has released security updates to address vulnerabilities in two products. Exploitation of one of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

• Cisco ASR 5000 Series SNMP Community String Disclosure Vulnerability
• Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

 

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 12, 2016

Microsoft has released 11 updates to address vulnerabilities in Microsoft software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-084 through MS16-094 and apply the necessary updates.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 12, 2016

Adobe has released security updates to address vulnerabilities in Acrobat, Flash Player, Reader, and XMP Tookit for Java. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system

Users and administrators are encouraged to review Adobe Security Bulletins APSB16-24, APSB16-25, and APSB16-26 and apply the necessary updates.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 11, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 05, 2016

Systems Affected

All Symantec and Norton branded antivirus products

Overview

Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

Description

The vulnerabilities are listed below:

CVE-2016-2207

• Symantec Antivirus multiple remote memory corruption unpacking RAR [1]

CVE-2016-2208

• Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction. [2]

CVE-2016-2209 

• Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow [3]

CVE-2016-2210

• Symantec: Remote Stack Buffer Overflow in dec2lha library [4]         

CVE-2016-2211

• Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives [5]

CVE-2016-3644

• Symantec: Heap overflow modifying MIME messages [6]      

CVE-2016-3645

• Symantec: Integer Overflow in TNEF decoder [7]       

CVE-2016 -3646

• Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink [8]

 

Impact

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

Solution

Symantec has provided patches or hotfixes to these vulnerabilities in their SYM16-008 [9] and SYM16-010 [10] security advisories.

US-CERT encourages users and network administrators to patch Symantec or Norton antivirus products immediately. While there has been no evidence of exploitation, the ease of attack, widespread nature of the products, and severity of the exploit may make this vulnerability a popular target.

References

• [1] Symantec Antivirus multiple remote memory corruption unpacking RAR
• [2] How to Compromise the Enterprise Endpoint
• [3] Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow
• [4] Symantec: Remote Stack Buffer Overflow in dec2lha library
• [5] Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives
• [6] Symantec: Heap overflow modifying MIME messages
• [7] Symantec: Integer Overflow in TNEF decoder
• [8] Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink
• [9] Symantec SYM16-008 security advisory
• [10] Symantec SYM16-010 security advisory

Revision History

• July 5, 2016: Initial Release

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 04, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

---

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: June 30, 2016

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• Cisco Prime Infrastructure and EPNM Authentication Bypass API Vulnerability
• Cisco Prime Collaboration Provisioning LDAP Authentication Bypass Vulnerability
• Cisco Firepower System Software Static Credential Vulnerability

---

This product is provided subject to this Notification and this Privacy & Use policy.