Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: February 24, 2015

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on an affected system.

Updates available include:

  • Firefox 36
  • Firefox ESR 31.5
  • Thunderbird 31.5

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.


SB15-054: Vulnerability Summary for the Week of February 16, 2015

Original release date: February 23, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — desktop_collaboration_experience_dx650 | The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. | 2015-02-19 | 7.2 | CVE-2015-0584
cisco — ios | Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCuj96752. | 2015-02-15 | 7.1 | CVE-2015-0609 (XF, SECTRACK, BID)
cisco — telepresence_mcu_4500_series_software | Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. | 2015-02-17 | 7.8 | CVE-2015-0621 (XF, SECTRACK, BID)
cisco — wireless_lan_controller | The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861. | 2015-02-18 | 7.1 | CVE-2015-0622
elasticsearch — elasticsearch | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. | 2015-02-17 | 7.5 | CVE-2015-1427 (XF, BID, BUGTRAQ, MISC)
emc — documentum_d2 | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | 2015-02-14 | 9.0 | CVE-2015-0518 (XF, SECTRACK, BID, BUGTRAQ)
google — android | Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. | 2015-02-15 | 10.0 | CVE-2015-1474 (CONFIRM)
infoblox — netmri | Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. | 2015-02-20 | 10.0 | CVE-2015-2033 (MISC, MISC)
lexmark — markvision_enterprise | Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive. | 2015-02-16 | 9.0 | CVE-2014-9375 (MISC)
lg — on-screen_phone | LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | 2015-02-17 | 8.3 | CVE-2014-8757 (XF, BID, BID, BUGTRAQ, FULLDISC, MISC)
maarch — gec/ged | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | 2015-02-19 | 7.5 | CVE-2015-1587 (EXPLOIT-DB, MISC, OSVDB, MISC)
mit — kerberos | The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind. | 2015-02-19 | 9.0 | CVE-2014-5352 (CONFIRM, CONFIRM)
mit — kerberos | The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. | 2015-02-19 | 9.0 | CVE-2014-9421 (CONFIRM, CONFIRM)
motorola — motorola_scanner_sdk | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | 2015-02-16 | 7.2 | CVE-2015-1496 (MISC, MISC, MISC)
persistent_systems — radia_client_automation | radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465. | 2015-02-16 | 10.0 | CVE-2015-1497 (MISC)
persistent_systems — radia_client_automation | Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via a addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or other unspecified impact. | 2015-02-16 | 10.0 | CVE-2015-1498 (MISC)
powerpc-utils_project — powerpc-utils | scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | 2015-02-19 | 10.0 | CVE-2014-8165 (CONFIRM, XF, BID, MLIST)
samsung — samsung_security_manager | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | 2015-02-16 | 8.5 | CVE-2015-1499 (XF, MISC)
sixapart — movabletype | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | 2015-02-19 | 7.5 | CVE-2015-1592 (XF, BID, MLIST, MLIST)
softsphere — defensewall_personal_firewall | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | 2015-02-19 | 7.2 | CVE-2015-1515 (OSVDB, EXPLOIT-DB)

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adminsystems_cms_project — adminsystems_cms | Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php. | 2015-02-19 | 4.3 | CVE-2015-1603 (CONFIRM, BID, MLIST, MLIST, MLIST, MISC, MISC, FULLDISC, MISC)
adminsystems_cms_project — adminsystems_cms | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. | 2015-02-19 | 6.5 | CVE-2015-1604 (CONFIRM, BID, MLIST, MLIST, MLIST, MISC, FULLDISC, MISC)
almail — al-mail32 | Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | 2015-02-20 | 5.8 | CVE-2015-0878
almail — al-mail32 | CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. | 2015-02-20 | 4.3 | CVE-2015-0879
almail — al-mail32 | Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | 2015-02-20 | 6.8 | CVE-2015-0880
apache — tomcat | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | 2015-02-15 | 6.4 | CVE-2014-0227 (CONFIRM, CONFIRM, CONFIRM, BUGTRAQ)
apple — cups | Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. | 2015-02-19 | 6.8 | CVE-2014-9679 (CONFIRM, BID, MLIST, MLIST)
cisco — adaptive_security_appliance_software | Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. | 2015-02-16 | 4.0 | CVE-2014-8023 (XF, SECTRACK, BID)
cisco — asr_5000_series_software | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13393. | 2015-02-17 | 5.0 | CVE-2015-0617 (XF, SECTRACK)
cisco — telepresence_management_suite | The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. | 2015-02-17 | 4.0 | CVE-2015-0620 (XF, SECTRACK)
cisco — web_security_appliance | Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627. | 2015-02-18 | 4.3 | CVE-2015-0623
cisco — hosted_collaboration_solution | The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. | 2015-02-18 | 4.3 | CVE-2015-0626
cisco — web_security_appliance | The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | 2015-02-19 | 5.0 | CVE-2015-0628
e2fsprogs_project — e2fsprogs | Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | 2015-02-17 | 4.6 | CVE-2015-0247 (MISC, CONFIRM, XF, BID, BUGTRAQ, MANDRIVA, MISC, FEDORA, CONFIRM)
easing_slider — easing_slider | Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php. | 2015-02-16 | 4.3 | CVE-2015-1436 (MISC, XF, BID, BUGTRAQ, MISC)
ektron — ektron_content_management_system | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue. | 2015-02-13 | 5.0 | CVE-2015-0923 (CERT-VN)
ektron — ektron_content_management_system | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a “resource injection” issue. | 2015-02-13 | 6.8 | CVE-2015-0931 (CERT-VN)
emc — documentum_d2 | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | 2015-02-14 | 4.0 | CVE-2015-0517 (XF, SECTRACK, BID, BUGTRAQ)
exponentcms — exponent_cms | Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) “First Name” or (4) “Last Name” field to users/edituser. | 2015-02-19 | 4.3 | CVE-2014-8690 (XF, EXPLOIT-DB, MISC, OSVDB, OSVDB, CONFIRM)
fancybox_project — fancybox | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the mfbfw parameter in an update action to wp-admin/admin-post.php, as exploited in the wild in February 2015. | 2015-02-17 | 4.3 | CVE-2015-1494 (MISC, CONFIRM, BID, MLIST, MISC)
fastcgi — fcgi | FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | 2015-02-19 | 5.0 | CVE-2012-6687 (CONFIRM, CONFIRM, CONFIRM, XF, MLIST, MLIST)
fatfreecrm — fat_free_crm | Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) attacks via a request without the authenticity_token, as demonstrated by a crafted HTML page that creates a new administrator account. | 2015-02-19 | 6.8 | CVE-2015-1585 (CONFIRM, XF, BUGTRAQ, MISC)
google — email | The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a “Content-Disposition: ;” header in an e-mail message. | 2015-02-15 | 5.0 | CVE-2015-1574 (BUGTRAQ, FULLDISC, MISC, MLIST, MLIST, MISC)
google_doc_embedder — google_doc_embedder | Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php. | 2015-02-19 | 4.3 | CVE-2015-1879 (BID, MISC)
hp — universal_configuration_management_database | HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | 2015-02-15 | 5.0 | CVE-2014-7883 (SECTRACK)
ibm — curam_social_program_management | Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion is enabled, allows remote attackers to obtain sensitive user data by visiting an unspecified page. | 2015-02-13 | 4.3 | CVE-2014-4804 (XF)
ibm — tivoli_endpoint_manager | Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-15 | 4.3 | CVE-2014-6113 (XF)
ibm — tivoli_endpoint_manager | Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-15 | 4.3 | CVE-2014-6137 (XF, BID)
ibm — change_and_configuration_management_database | Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname. | 2015-02-16 | 4.0 | CVE-2014-6194 (XF)
ibm — content_navigator | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML via the Accept-Language HTTP header. | 2015-02-13 | 4.3 | CVE-2014-8911 (XF)
ibm — change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0109. | 2015-02-17 | 4.3 | CVE-2015-0108 (XF)
image_metadata_cruncher_project — image_metadata_cruncher | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page. | 2015-02-19 | 6.8 | CVE-2015-1614 (XF, BUGTRAQ, BUGTRAQ, MISC)
instantasp — instantforum | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx. | 2015-02-19 | 4.3 | CVE-2014-9468 (MISC, FULLDISC)
isc — bind | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. | 2015-02-18 | 5.4 | CVE-2015-1349
kallithea — kallithea | RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | 2015-02-16 | 4.0 | CVE-2015-0260 (XF, BID, MLIST)
mcafee — data_loss_prevention_endpoint | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | 2015-02-17 | 6.5 | CVE-2015-1616
mcafee — data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | 2015-02-17 | 4.0 | CVE-2015-1618
mit — kerberos | MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c. | 2015-02-20 | 5.0 | CVE-2014-5355 (CONFIRM)
mit — kerberos | The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial “kadmind” substring, as demonstrated by a “ka/x” principal. | 2015-02-19 | 6.1 | CVE-2014-9422 (CONFIRM, CONFIRM)
mit — kerberos | The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field. | 2015-02-19 | 5.0 | CVE-2014-9423 (CONFIRM, CONFIRM)
motorola — motorola_scanner_sdk | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | 2015-02-16 | 6.8 | CVE-2015-1495 (MISC, MISC)
mylittleforum — my_little_forum | Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php. | 2015-02-16 | 6.5 | CVE-2015-1434 (MISC, XF, BID, BUGTRAQ, MISC)
mylittleforum — my_little_forum | Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. | 2015-02-16 | 4.3 | CVE-2015-1435 (MISC, XF, BID, BUGTRAQ, MISC)
open-xchange — open-xchange_appsuite | Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the “folder identifier.” | 2015-02-17 | 4.0 | CVE-2014-9466 (XF, SECTRACK, BID, BUGTRAQ, MISC)
pivotal — spring_framework | Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. | 2015-02-19 | 5.0 | CVE-2014-3578 (REDHAT, REDHAT, CONFIRM)
pnmsoft — sequence_kinetics | Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-19 | 4.3 | CVE-2014-6301 (MISC)
pnmsoft — sequence_kinetics | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2015-02-19 | 5.0 | CVE-2014-6302 (MISC)
pnmsoft — sequence_kinetics | The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2015-02-19 | 5.0 | CVE-2014-6303 (MISC)
pnmsoft — sequence_kinetics | The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors. | 2015-02-19 | 5.0 | CVE-2014-6304 (MISC)
redhat — jboss_enterprise_application_platform | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | 2015-02-13 | 4.0 | CVE-2014-7849 (XF, SECTRACK)
redhat — jboss_enterprise_application_platform | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | 2015-02-13 | 4.0 | CVE-2014-7853 (XF, SECTRACK)
redhat — jboss_weld | Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | 2015-02-13 | 4.3 | CVE-2014-8122 (CONFIRM, CONFIRM, CONFIRM, MISC, XF, SECTRACK)
rhodecode — rhodecode_enterprise | RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. | 2015-02-16 | 4.0 | CVE-2015-1613
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user’s privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | 2015-02-17 | 4.4 | CVE-2015-1356
siemens — wincc | The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. | 2015-02-17 | 5.0 | CVE-2015-1358
solarwinds — server_and_application_monitor | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load. | 2015-02-16 | 6.8 | CVE-2015-1500 (MISC)
solarwinds — server_and_application_monitor | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafted binary. | 2015-02-16 | 6.8 | CVE-2015-1501 (MISC)
squid-cache — squid | CRLF injection vulnerability in Squid before 3.1.10 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | 2015-02-20 | 4.3 | CVE-2015-0881
tibco — activematrix_management_agent | The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. | 2015-02-18 | 6.4 | CVE-2014-5286 (CONFIRM)
topline_systems — opportunity_form | Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | 2015-02-15 | 4.0 | CVE-2015-1608
x.org — xorg-server | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. | 2015-02-13 | 6.4 | CVE-2015-0255 (DEBIAN)
xen — xen | The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. | 2015-02-16 | 4.9 | CVE-2015-0268 (XF, SECTRACK, BID)
zarafa — webapp | senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. | 2015-02-19 | 5.0 | CVE-2014-9465 (CONFIRM, CONFIRM, MLIST, MLIST, MISC)

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
d-bus_project — d-bus | D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | 2015-02-13 | 1.9 | CVE-2015-0245 | MLIST, DEBIAN
emc — captiva_capture | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | 2015-02-14 | 2.1 | CVE-2015-0519 | XF, MISC, BUGTRAQ
gnu — cpio | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | 2015-02-19 | 1.9 | CVE-2015-1197 | MLIST, MISC, BID, MLIST, MLIST
ibm — change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. | 2015-02-16 | 2.1 | CVE-2014-6102 | XF
ibm — flex_system_manager | IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. | 2015-02-18 | 2.1 | CVE-2014-6147 | XF, AIXAPAR
ibm — tivoli_storage_manager | The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors. | 2015-02-13 | 1.9 | CVE-2014-6195 | XF
ibm — change_and_configuration_management_database | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-0104, CVE-2015-0107, and CVE-2015-0108. | 2015-02-17 | 3.5 | CVE-2015-0109 | XF
mcafee — data_loss_prevention_endpoint | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-17 | 3.5 | CVE-2015-1617 |
mcafee — email_gateway | Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. | 2015-02-17 | 3.5 | CVE-2015-1619 |
okb.co.jp — smartphone_passbook | The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | 2015-02-14 | 1.8 | CVE-2015-0875 |
phusion — passenger | Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. | 2015-02-19 | 2.1 | CVE-2014-1831 | CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, FEDORA
phusion — passenger | Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. | 2015-02-19 | 2.1 | CVE-2014-1832 | CONFIRM, CONFIRM, CONFIRM, MLIST, MLIST, FEDORA
redhat — jboss_enterprise_application_platform | The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | 2015-02-13 | 3.5 | CVE-2014-7827 | XF, SECTRACK
siemens — simatic_step_7 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | 2015-02-17 | 2.1 | CVE-2015-1355 |
webform_prepopulate_block_project — webform_prepopulate_block | Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-17 | 3.5 | CVE-2015-1621 | MLIST



This product is provided subject to this Notification and this Privacy & Use policy.

Lenovo Computers Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015

Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.

US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details.



TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015

Systems Affected

Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others.

Overview

Superfish adware installed on some Lenovo PCs installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

Description

Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs.  However, Superfish was reportedly bundled with other applications as early as 2010. This software intercepts users’ web traffic to provide targeted advertisements.  In order to intercept encrypted connections (those using HTTPS), the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted, and re-encrypted to the user’s browser by the application – a classic man-in-the-middle attack.  Because the certificates used by Superfish are signed by the CA installed by the software, the browser will not display any warnings that the traffic is being tampered with.  Since the private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed.  This means websites, such as banking and email, can be spoofed without a warning from the browser.

Although Lenovo has stated they have discontinued the practice of pre-installing Superfish VisualDiscovery, the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken.

The underlying SSL decryption library from Komodia has been found to be present on other applications, including KeepMyFamilySecure. Please refer to CERT Vulnerability Note VU#529496 for more details and updates.

To detect a system with Superfish installed, look for a HTTP GET request to:

superfish.aistcdn.com

The full request will look like:

http://superfish.aistcdn.com/set.php?ID=[GUID]&Action=[ACTION]

Here [ACTION] takes at least the values 1, 2, or 3: 1 and then 2 are sent when the computer is turned on, and 3 is sent when it is turned off.
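As an added example (not part of the US-CERT alert), a small Python scanner that applies this indicator to proxy logs: it matches GET requests for superfish.aistcdn.com/set.php, pulls out the ID and Action parameters, and labels each hit with the power-on/power-off meaning the alert gives. The Squid-style log format, client addresses and GUID in the sample are constructed assumptions.

```python
"""Flag Superfish VisualDiscovery beacons in proxy logs (added example, not from the alert)."""
import re
from urllib.parse import parse_qs, urlsplit

BEACON_HOST = "superfish.aistcdn.com"
# Action values the alert documents; anything else is reported as unknown.
ACTION_MEANING = {"1": "power-on (first beacon)", "2": "power-on (second beacon)",
                  "3": "power-off"}

# Constructed Squid native access.log lines (client addresses and GUID are made up):
# timestamp elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1424390400.123 45 10.0.0.17 TCP_MISS/200 312 GET http://superfish.aistcdn.com/set.php?ID=6f1c3e2a-0d3b-4c1f-9a1e-7b2d5e8f0a11&Action=1 - DIRECT/203.0.113.10 text/html
1424390401.456 40 10.0.0.17 TCP_MISS/200 312 GET http://superfish.aistcdn.com/set.php?ID=6f1c3e2a-0d3b-4c1f-9a1e-7b2d5e8f0a11&Action=2 - DIRECT/203.0.113.10 text/html
1424390450.001 80 10.0.0.42 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1424419200.789 38 10.0.0.17 TCP_MISS/200 312 GET http://superfish.aistcdn.com/set.php?ID=6f1c3e2a-0d3b-4c1f-9a1e-7b2d5e8f0a11&Action=3 - DIRECT/203.0.113.10 text/html
1424419300.000 50 10.0.0.99 TCP_MISS/200 312 GET http://superfish.aistcdn.com/set.php?ID=not-a-guid&Action=7 - DIRECT/203.0.113.10 text/html
"""

SQUID_LINE = re.compile(r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_beacon(url):
    """Return (guid, action) if url is a Superfish set.php beacon, else None."""
    parts = urlsplit(url)
    if parts.hostname != BEACON_HOST or parts.path != "/set.php":
        return None
    qs = parse_qs(parts.query)
    if "ID" not in qs or "Action" not in qs:
        return None
    return qs["ID"][0], qs["Action"][0]


def find_superfish_hosts(log_text):
    """Map each beaconing client IP to its (timestamp, guid, action, meaning) events."""
    hits = {}
    for line in log_text.splitlines():
        m = SQUID_LINE.match(line)
        if not m or m.group("method") != "GET":
            continue
        beacon = parse_beacon(m.group("url"))
        if beacon is None:
            continue
        guid, action = beacon
        meaning = ACTION_MEANING.get(action, "unknown action")
        if not GUID_RE.match(guid):  # still a hit, but flag the odd ID for the analyst
            meaning += " (malformed ID)"
        hits.setdefault(m.group("client"), []).append((float(m.group("ts")), guid, action, meaning))
    return hits
```

Hosts that appear in the result should be checked for the Superfish software and root certificate described under Solution.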

Impact

A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser.

Solution

Uninstall Superfish VisualDiscovery and the associated root CA certificate

Uninstall any software that includes the Komodia Redirector and SSL Digestor libraries. In the case of Lenovo PCs, this includes Superfish VisualDiscovery.

It is also necessary to remove affected root CA certificates. Simply uninstalling the software does not remove the certificate. Microsoft provides guidance on deleting and managing certificates in the Windows certificate store. In the case of Superfish VisualDiscovery, the offending trusted root certification authority certificate is issued to “Superfish, Inc.”

Mozilla provides similar guidance for their software, including the Firefox and Thunderbird certificate stores.

Revision History

  • February 20, 2015: Initial release
  • February 20, 2015: Clarified software release dates


IRS Issues Warning for a Scam Targeting Tax Preparers

Original release date: February 18, 2015

The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.

US-CERT encourages users and administrators to review the IRS press release for details and refer to US-CERT Security Tip ST15-001 for information on “tax” themed phishing attacks.



ISC Releases Security Updates for BIND

Original release date: February 18, 2015

The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.

Updates available include:

  • BIND 9.9.6-P2
  • BIND 9.10.1-P2

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01235 and apply the necessary updates.



Microsoft Releases February 2015 Security Bulletin

Original release date: February 10, 2015

Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information.

US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-FEB and apply the necessary updates.



Microsoft Releases Critical Security Update for Internet Explorer

Original release date: February 10, 2015

Microsoft has released a critical security update to address multiple vulnerabilities in Internet Explorer. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage.

Users and administrators are encouraged to review Microsoft Bulletin MS15-009 for details and apply the necessary update.



Google Releases Security Update for Chrome OS

Original release date: February 10, 2015

Google has released Chrome OS 40.0.2214.114 for Chrome devices to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Google Chrome blog entry and apply the necessary update.



Microsoft Releases Critical Security Bulletin

Original release date: February 10, 2015

Microsoft has released Security Bulletin MS15-011 to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system.

This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection against this vulnerability, system reboots are required. Other than the update and configuration instructions contained in the Security Bulletin, there are no known workarounds or mitigations for this vulnerability. Updates are not available for Windows XP, Windows Server 2003, or Windows 2000.

US-CERT strongly recommends administrators prioritize the application of the patch, and concurrently review and test the necessary configuration changes discussed in the associated Knowledge Base article (KB3000483).

