SB14-279: Vulnerability Summary for the Week of September 29, 2014
Original release date: October 06, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| belkin — n300 | The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. | 2014-09-29 | 8.3 | CVE-2013-3092 MISC MISC |
| gentoo — portage | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | 2014-09-29 | 9.3 | CVE-2013-2100 XF BID MLIST MLIST |
| gnu — bash | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | 2014-09-27 | 10.0 | CVE-2014-6277 CONFIRM CONFIRM CONFIRM SECUNIA MISC |
| gnu — bash | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | 2014-09-30 | 10.0 | CVE-2014-6278 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA MISC |
| gnu — bash | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the “redir_stack” issue. | 2014-09-28 | 10.0 | CVE-2014-7186 CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MLIST MLIST MLIST |
| gnu — bash | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the “word_lineno” issue. | 2014-09-28 | 10.0 | CVE-2014-7187 CONFIRM CONFIRM CONFIRM SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MLIST MLIST MLIST |
| ibm — websphere_datapower_xc10_appliance | Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network. | 2014-10-01 | 10.0 | CVE-2014-3059 XF AIXAPAR |
| ibm — websphere_datapower_xc10_appliance | Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie. | 2014-10-01 | 10.0 | CVE-2014-3060 XF |
| ibm — qradar_security_information_and_event_manager | Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. | 2014-09-27 | 9.3 | CVE-2014-3062 XF |
| ibm — security_access_manager_for_web_appliance | The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors. | 2014-10-02 | 7.1 | CVE-2014-4809 XF |
| ibm — security_access_manager_for_mobile_appliance | The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | 2014-10-02 | 10.0 | CVE-2014-4823 XF |
| infusionsoft_gravity_forms_project — infusionsoft_gravity_forms | The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | 2014-09-26 | 7.5 | CVE-2014-6446 MISC |
| juniper — juniper_installer_service_client | Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | 2014-09-29 | 7.2 | CVE-2014-3811 |
| libvncserver — libvncserver | Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. | 2014-09-30 | 7.5 | CVE-2014-6051 MISC CONFIRM CONFIRM MLIST SECUNIA MLIST FEDORA FEDORA |
| linksys — ea6500 | Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. | 2014-09-29 | 7.1 | CVE-2013-3066 MISC MISC |
| linux — linux_kernel | include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. | 2014-09-28 | 7.8 | CVE-2014-3535 CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple “keyctl newring” operations followed by a “keyctl timeout” operation. | 2014-09-28 | 7.2 | CVE-2014-3631 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket. | 2014-09-28 | 7.8 | CVE-2014-6416 CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket. | 2014-09-28 | 7.8 | CVE-2014-6417 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. | 2014-09-28 | 7.1 | CVE-2014-6418 CONFIRM CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. | 2014-09-28 | 7.8 | CVE-2014-7145 CONFIRM BID MLIST CONFIRM |
| openmediavault — openmediavault | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | 2014-09-29 | 9.0 | CVE-2013-3632 MISC MISC BID EXPLOIT-DB OSVDB |
| plone — plone | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. | 2014-09-30 | 8.5 | CVE-2012-5487 CONFIRM MLIST |
| plone — plone | gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | 2014-09-30 | 8.5 | CVE-2012-5493 CONFIRM MLIST |
| wordpress — wordpress | SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | 2014-10-01 | 7.5 | CVE-2003-1598 XF BID MISC SECUNIA MLIST OSVDB |
| xen — xen | The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors. | 2014-10-02 | 8.3 | CVE-2014-7188 |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — apache_axis2/c | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 2014-09-29 | 4.3 | CVE-2012-6107 CONFIRM XF BID MLIST |
| apachefriends — xampp | XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. | 2014-09-29 | 4.3 | CVE-2013-2586 XF BID EXPLOIT-DB MISC OSVDB BUGTRAQ |
| belkin — f5d8236-4_v2 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters. | 2014-09-29 | 6.8 | CVE-2013-3083 MISC |
| belkin — n900 | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. | 2014-09-29 | 6.8 | CVE-2013-3086 MISC MISC |
| belkin — n300 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. | 2014-09-29 | 6.8 | CVE-2013-3089 MISC MISC |
| call-cc — chicken | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | 2014-09-29 | 4.4 | CVE-2013-1874 XF BID OSVDB MLIST CONFIRM |
| cisco — linksys_wrt310n_router_firmware | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. | 2014-09-29 | 6.8 | CVE-2013-3068 MISC MISC |
| codeasily — grand_flagallery | Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 2014-10-01 | 4.3 | CVE-2011-4624 BID BUGTRAQ BUGTRAQ MLIST CONFIRM BUGTRAQ |
| contactus — contact_form_7_integrations | Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter. | 2014-09-26 | 4.3 | CVE-2014-6445 CONFIRM MISC |
| debian — apt | Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL. | 2014-09-30 | 6.8 | CVE-2014-6273 XF BID |
| drupal — drupal | modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | 2014-09-30 | 6.8 | CVE-2014-5267 MLIST CONFIRM |
| ekiga — ekiga | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | 2014-09-29 | 5.0 | CVE-2012-5621 FEDORA CONFIRM CONFIRM XF BID MLIST CONFIRM |
| exinda — wan_optimization_suite | Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch. | 2014-10-02 | 4.3 | CVE-2014-7157 XF BID FULLDISC MISC |
| exinda — wan_optimization_suite | Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch. | 2014-10-02 | 6.8 | CVE-2014-7158 XF BID FULLDISC MISC |
| google — nexus_7 | Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. | 2014-09-28 | 6.9 | CVE-2014-3186 CONFIRM CONFIRM MLIST CONFIRM |
| haproxy — haproxy | Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. | 2014-09-30 | 5.0 | CVE-2014-6269 MLIST SECUNIA SECUNIA REDHAT CONFIRM MLIST MLIST |
| hibernate — hibernate_validator | ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application. | 2014-09-30 | 5.0 | CVE-2014-3558 CONFIRM MISC |
| hp — mpio_device_specific_module_manager | Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | 2014-09-28 | 4.6 | CVE-2014-2639 |
| hp — system_management_homepage | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-2640 |
| hp — system_management_homepage | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | 2014-10-01 | 6.0 | CVE-2014-2641 |
| hp — system_management_homepage | HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-2642 |
| ibm — tivoli_federated_identity_manager | Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2014-10-01 | 4.3 | CVE-2014-3097 |
| ibm — change_and_configuration_management_database | IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message. | 2014-10-01 | 5.0 | CVE-2014-4765 XF |
| ibm — websphere_mq | IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | 2014-10-01 | 6.5 | CVE-2014-4793 XF |
| ibm — security_access_manager_for_mobile_appliance | Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2014-10-02 | 4.3 | CVE-2014-6079 XF |
| jboss — red_hat_jboss_data_virtualization | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | 2014-09-30 | 4.3 | CVE-2014-0170 XF SECTRACK SECUNIA |
| juniper — junos_pulse_access_control_service | Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3820 |
| juniper — junos_pulse_secure_access_service | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3823 |
| juniper — junos_pulse_secure_access_service | Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-29 | 4.3 | CVE-2014-3824 CONFIRM |
| libvncserver — libvncserver | Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. | 2014-09-30 | 6.5 | CVE-2014-6055 MISC CONFIRM CONFIRM CONFIRM XF BID MLIST SECUNIA MLIST FEDORA FEDORA |
| linksys — ea6500 | Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | 2014-09-29 | 6.8 | CVE-2013-3064 MISC MISC |
| linux — linux_kernel | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | 2014-09-28 | 4.9 | CVE-2012-6657 CONFIRM CONFIRM MLIST CONFIRM |
| linux — linux_kernel | The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. | 2014-09-28 | 6.9 | CVE-2014-0205 CONFIRM CONFIRM CONFIRM |
| linux — linux_kernel | Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. | 2014-09-28 | 6.9 | CVE-2014-3181 CONFIRM MISC CONFIRM MLIST CONFIRM |
| linux — linux_kernel | Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. | 2014-09-28 | 6.9 | CVE-2014-3182 CONFIRM MISC MLIST |
| linux — linux_kernel | Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report. | 2014-09-28 | 6.9 | CVE-2014-3183 CONFIRM MLIST |
| linux — linux_kernel | The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. | 2014-09-28 | 4.7 | CVE-2014-3184 CONFIRM MLIST |
| linux — linux_kernel | Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. | 2014-09-28 | 6.9 | CVE-2014-3185 MLIST |
| linux — linux_kernel | The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. | 2014-09-28 | 4.7 | CVE-2014-6410 CONFIRM CONFIRM BID MLIST |
| mailchimp — easy_mailchimp_forms_plugin | Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | 2014-09-26 | 4.3 | CVE-2014-7152 CONFIRM MISC |
| mediawiki — mediawiki | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | 2014-09-30 | 4.3 | CVE-2014-7199 CONFIRM MLIST DEBIAN SECUNIA |
| openfiler — openfiler | Multiple cross-site request forgery (CSRF) vulnerabilities in Openfiler 2.99.1 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown or (2) reboot the server via a request to admin/system_shutdown.html. | 2014-09-30 | 6.8 | CVE-2014-7190 BID FULLDISC MISC |
| openstack — keystone | The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by “$(admin_token)” in the publicurl endpoint field. | 2014-10-02 | 4.0 | CVE-2014-3621 CONFIRM |
| openstack — neutron | OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | 2014-10-02 | 4.0 | CVE-2014-6414 MLIST |
| openstack — keystonemiddleware | OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the “insecure” option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 2014-10-02 | 4.3 | CVE-2014-7144 |
| plone — plone | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | 2014-09-30 | 6.8 | CVE-2012-5485 CONFIRM MLIST |
| plone — plone | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | 2014-09-30 | 6.4 | CVE-2012-5486 CONFIRM MLIST |
| plone — plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | 2014-09-30 | 5.0 | CVE-2012-5488 CONFIRM MLIST |
| plone — plone | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | 2014-09-30 | 6.5 | CVE-2012-5489 CONFIRM CONFIRM MLIST |
| plone — plone | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 4.3 | CVE-2012-5490 CONFIRM MLIST |
| plone — plone | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. | 2014-09-30 | 4.3 | CVE-2012-5491 CONFIRM MLIST |
| plone — plone | uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5492 CONFIRM MLIST |
| plone — plone | Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to “{u,}translate.” | 2014-09-30 | 4.3 | CVE-2012-5494 CONFIRM MLIST |
| plone — plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to “go_back.” | 2014-09-30 | 5.0 | CVE-2012-5495 CONFIRM MLIST |
| plone — plone | kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5496 CONFIRM MLIST |
| plone — plone | membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5497 CONFIRM MLIST |
| plone — plone | queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | 2014-09-30 | 5.0 | CVE-2012-5498 CONFIRM MLIST MLIST |
| plone — plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | 2014-09-30 | 5.0 | CVE-2012-5499 CONFIRM MLIST |
| plone — plone | at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | 2014-09-30 | 5.0 | CVE-2012-5501 CONFIRM MLIST |
| plone — plone | ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | 2014-09-30 | 5.0 | CVE-2012-5503 CONFIRM MLIST |
| plone — plone | Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 4.3 | CVE-2012-5504 CONFIRM MLIST |
| plone — plone | atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | 2014-09-30 | 5.0 | CVE-2012-5505 CONFIRM MLIST |
| plone — plone | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. | 2014-09-30 | 5.0 | CVE-2012-5506 CONFIRM MLIST |
| plone — plone | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 2014-09-30 | 4.3 | CVE-2012-5507 CONFIRM CONFIRM MLIST |
| postfix — postfix | Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | 2014-10-01 | 6.5 | CVE-2012-0811 CONFIRM BID MLIST MLIST MISC |
| restaurantmis — restaurant_script | Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter. | 2014-09-30 | 4.3 | CVE-2014-6619 XF EXPLOIT-DB MISC OSVDB |
| telerik — asp.net_ajax_radeditor_control | Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes. | 2014-09-26 | 4.3 | CVE-2014-4958 BUGTRAQ MISC CONFIRM |
| tp-link — tl-wr841n | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | 2014-09-30 | 4.3 | CVE-2012-6316 BID MLIST |
| tp-link — tl-wdr4300 | Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | 2014-09-30 | 4.3 | CVE-2014-4727 XF BID BUGTRAQ FULLDISC MISC |
| tp-link — tl-wdr4300 | The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | 2014-09-30 | 5.0 | CVE-2014-4728 XF BID BUGTRAQ FULLDISC MISC |
| xen — xen | Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors. | 2014-10-02 | 6.1 | CVE-2014-7154 |
| xen — xen | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | 2014-10-02 | 5.8 | CVE-2014-7155 |
| yorba — geary | Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 2014-09-30 | 4.3 | CVE-2014-5444 CONFIRM SUSE |
| your_online_shop_project — your_online_shop | Cross-site scripting (XSS) vulnerability in Your Online Shop allows remote attackers to inject arbitrary web script or HTML via the products_id parameter. | 2014-09-30 | 4.3 | CVE-2014-6618 XF BID MISC |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bcron_project — bcron_exec | bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor. | 2014-09-29 | 2.1 | CVE-2012-6110 XF CONFIRM MLIST |
| data_dumper_project — data_dumper | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. | 2014-09-30 | 2.1 | CVE-2014-4330 CONFIRM CONFIRM XF BID BUGTRAQ MLIST SECUNIA MLIST FULLDISC MISC FEDORA |
| linksys — ea6500 | Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. | 2014-09-29 | 3.5 | CVE-2013-3065 MISC MISC |
| php — php | The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | 2014-09-27 | 3.6 | CVE-2014-5459 MISC MLIST |
| phpmyadmin — phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. | 2014-10-02 | 3.5 | CVE-2014-7217 CONFIRM CONFIRM |
| plone — plone | Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | 2014-09-30 | 3.5 | CVE-2012-5502 CONFIRM MLIST |
| sleuthkit — the_sleuth_kit | The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities and make it more difficult to conduct forensics activities, as demonstrated by Flame. | 2014-09-29 | 2.1 | CVE-2012-5619 CONFIRM MLIST MLIST MANDRIVA FEDORA FEDORA MISC |
| xen — xen | The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | 2014-10-02 | 3.3 | CVE-2014-7156 |
PayPal Here Cross Site Scripting
The PayPal Here mobile notify me online service web application suffered from multiple cross site scripting vulnerabilities.
Fedora 19 Security Update: mediawiki-1.23.5-1.fc19
Resolved Bugs
1148675 – CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.
1148676 – mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5. [fedora-all]
* CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
Fedora 20 Security Update: mediawiki-1.23.5-1.fc20
Resolved Bugs
1148675 – CVE-2014-7295 mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5.
1148676 – mediawiki: remove separation of css and js module allowance issue fixed in versions 1.19.20, 1.22.12, and 1.23.5. [fedora-all]
* CVE-2014-7295 (bug 70672) SECURITY: OutputPage: Remove separation of css and js module allowance.
TeamSpeak Client 3.0.14 Buffer Overflow
TeamSpeak Client version 3.0.14 suffers from a buffer overflow vulnerability.
CVE-2013-7329
The CGI::Application module 4.50 and earlier for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. (CVSS:5.0) (Last Update:2014-10-07)
UPDATED VMSA-2014-0010.7 – VMware product updates address critical Bash security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0010.7
Synopsis: VMware product updates address critical Bash
security vulnerabilities
Issue date: 2014-09-30
Updated on: 2014-10-05
CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186,
CVE-2014-7187, CVE-2014-6277, CVE-2014-6278
- ------------------------------------------------------------------------
1. Summary
VMware product updates address Bash security vulnerabilities.
2. Relevant Releases (Affected products for which remediation is present)
ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG
vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
Horizon DaaS Platform prior to 6.1.1
Horizon DaaS Platform prior to 6.0.2
Horizon DaaS Platform prior to 5.4.3
Horizon Workspace 1.x, 2.x without patch
IT Business Management Suite prior to 1.1.0
IT Business Management Suite prior to 1.0.1
NSX for Multi-Hypervisor 4.2.x prior to 4.2.1
NSX for Multi-Hypervisor 4.1.x prior to 4.1.4
NSX for Multi-Hypervisor 4.0.x prior to 4.0.5
NSX for vSphere 6.1.x prior to 6.1.1
NSX for vSphere 6.0.x prior to 6.0.7
NVP 3.x prior to 3.2.4
vCenter Hyperic Server prior to 5.8.3
vCenter Hyperic Server prior to 5.7.2
vCenter Hyperic Server prior to 5.0.3
vCenter Infrastructure Navigator prior to 5.8.3
vCenter Infrastructure Navigator prior to 5.7.1
vCenter Infrastructure Navigator prior to 2.0.1
vCenter Log Insight prior to 2.0U1
vCenter Operations Manager 5.x without patch
vCenter Orchestrator Appliance 5.5.x prior to 5.5.2.1
vCenter Orchestrator Appliance 5.1.x, 4.x without patch
vCenter Site Recovery Manager prior to 5.5.1.3
vCenter Site Recovery Manager prior to 5.1.2.2
vCenter Support Assistant without patch
vCloud Application Director 5.x, 6.x without patch
vCloud Automation Center 6.x without patch
vCloud Automation Center Application Services 6.x without patch
vCloud Director Appliance prior to 5.5.1.3
vCloud Connector prior to 2.6.1
vCloud Networking and Security prior to 5.5.3.1
vCloud Networking and Security prior to 5.1.4.3
vCloud Usage Meter prior to 3.3.2
vFabric Postgres prior to 9.3.5.1
vFabric Postgres prior to 9.2.9.1
vFabric Postgres prior to 9.1.14.1
View Planner prior to 3.0.1.1
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere App HA prior to 1.1.1
vSphere Big Data Extensions 2.x without patch
vSphere Data Protection 5.x without patch
vSphere Management Assistant 5.5.x without 5.5 EP1
vSphere Management Assistant 5.0.x without 5.0 EP1
vSphere Replication prior to 5.8.0.1
vSphere Replication prior to 5.6.0.2
vSphere Replication prior to 5.5.1.3
vSphere Replication prior to 5.1.2.2
vSphere Storage Appliance prior to 5.5.2
vSphere Storage Appliance 5.1.x without patch
3. Problem Description
a. Bash update for multiple products.
The Bash shell has been updated in multiple products to resolve
multiple critical security issues, also referred to as Shellshock.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2014-6271, CVE-2014-7169,
CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278
to these issues.
VMware products have been grouped into the following four
product categories:
I) ESXi and ESX Hypervisor
ESXi is not affected because ESXi uses the Ash shell (through
busybox), which is not affected by the vulnerability reported
for the Bash shell.
ESX has an affected version of the Bash shell. See table 1 for
remediation for ESX.
II) Windows-based products
Windows-based products, including all versions of vCenter Server
running on Windows, are not affected.
III) VMware (virtual) appliances
VMware (virtual) appliances ship with an affected version of Bash.
See table 2 for remediation for appliances.
IV) Products that run on Linux, Android, OSX or iOS (excluding
virtual appliances)
Products that run on Linux, Android, OSX or iOS (excluding
virtual appliances) might use the Bash shell that is part of the
operating system. If the operating system has a vulnerable
version of Bash, the Bash security vulnerability might be
exploited through the product. VMware recommends that customers
contact their operating system vendor for a patch.
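The advisory says which products ship a vulnerable Bash but not how to confirm, on a host you can reach, whether its shell still executes code smuggled in through the environment. The script below is an added example, not part of the VMware advisory or of any VMware tool: a POSIX shell script that probes a named shell binary for CVE-2014-6271 (code after a function body in an environment variable runs at startup) and CVE-2014-7169 (the incomplete first fix) using the two widely published proof-of-concept environment strings. It assumes `env` and `mktemp -d` are available; the marker string SHELLSHOCK_6271 and the function names are this example's own choices. A shell that never imports functions from the environment (the BusyBox ash on ESXi, or dash as /bin/sh) reports "patched" for both, which is the same reasoning the advisory gives for ESXi.

```shell
#!/bin/sh
# Added example (not VMware code): probe a shell binary for the two
# function-import Shellshock bugs named in the advisory.
#   CVE-2014-6271  trailing code after a function body in an environment
#                  variable is executed when Bash starts
#   CVE-2014-7169  the first fix left a parser state that still runs a
#                  command; the public PoC makes "echo date" create a
#                  file named "echo" in the current directory
# Each check prints one of: vulnerable, patched, unknown.
# Marker string and function names are this example's own choices.

# probe_ok SHELL -> true if SHELL is something we can actually execute
probe_ok() {
    [ -x "$1" ] || command -v "$1" >/dev/null 2>&1
}

# check_6271 SHELL -> prints vulnerable (exit 1), patched (0) or unknown (2)
check_6271() {
    shell="$1"
    probe_ok "$shell" || { echo unknown; return 2; }
    # A patched Bash ignores (and warns about) the trailing command; an
    # unpatched one runs it before executing -c 'true'. Shells that never
    # import functions from the environment print nothing, hence "patched".
    out=$(env x='() { :;}; echo SHELLSHOCK_6271' "$shell" -c 'true' 2>/dev/null || true)
    case "$out" in
        *SHELLSHOCK_6271*) echo vulnerable; return 1 ;;
        *)                 echo patched;    return 0 ;;
    esac
}

# check_7169 SHELL -> prints vulnerable (exit 1), patched (0) or unknown (2)
check_7169() {
    shell="$1"
    probe_ok "$shell" || { echo unknown; return 2; }
    # The PoC writes into a file called "echo" in the current directory,
    # so run it inside a private temp dir and look for that file afterwards.
    dir=$(mktemp -d) || { echo unknown; return 2; }
    ( cd "$dir" && env X='() { (a)=>\' "$shell" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then
        rm -rf "$dir"; echo vulnerable; return 1
    fi
    rm -rf "$dir"; echo patched; return 0
}

# shellshock_report SHELL... -> one summary line per shell binary
shellshock_report() {
    for s in "$@"; do
        printf '%-12s CVE-2014-6271: %-10s CVE-2014-7169: %s\n' \
            "$s" "$(check_6271 "$s")" "$(check_7169 "$s")"
    done
}

# Probe the shells named on the command line, or the usual two by default.
if [ $# -gt 0 ]; then
    shellshock_report "$@"
else
    shellshock_report /bin/bash /bin/sh
fi
```

Run it over SSH on an appliance (`sh shellshock_probe.sh /bin/bash /bin/sh`) before and after applying the patch from Table 2. It covers only the two function-import issues; the remaining four identifiers in this advisory are parser bugs with different triggers, so for those rely on the shipped Bash version and the vendor KB articles rather than on this probe.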
MITIGATIONS
VMware encourages restricting access to appliances through
firewall rules and other network layer controls to only trusted IP
addresses. This measure will greatly reduce any risk to these
appliances.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected products in Table 1 and 2 below as these
patches become available.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
Table 1 - ESXi and ESX Hypervisor
=================================
VMware   Product  Running  Replace with/
Product  Version  on       Apply Patch
=======  =======  =======  =====================
ESXi     any      ESXi     Not affected
ESX      4.1      ESX      ESX410-201410401-SG*
ESX      4.0      ESX      ESX400-201410401-SG*
* VMware has made VMware ESX 4.0 and 4.1 security patches available
for the Bash shell vulnerability. This security patch release is an
exception to the existing VMware lifecycle policy.
Table 2 - Products that are shipped as a (virtual) appliance.
=============================================================
VMware                                          Product    Running  Replace with/
Product                                         Version    on       Apply Patch
==============================================  =========  =======  ====================================
vCenter Server Appliance                        5.x        Linux    5.5 U2a, 5.1 U2b, 5.0 U3b
Horizon DaaS Platform                           5.x, 6.x   Linux    6.1.1, 6.0.2, 5.4.3
Horizon Workspace                               1.x, 2.x   Linux    See Section 4
IT Business Management Suite                    1.x        Linux    1.1.0, 1.0.1
NSX for Multi-Hypervisor                        4.x        Linux    4.2.1, 4.1.4, 4.0.5
NSX for vSphere                                 6.x        Linux    6.1.1, 6.0.7
NVP                                             3.x        Linux    3.2.4
vCenter Converter Standalone                    5.x        Linux    Patch Pending**
vCenter Hyperic Server                          5.x        Linux    5.8.3, 5.7.2, 5.0.3
vCenter Infrastructure Navigator                2.x, 5.x   Linux    5.8.3, 5.7.1, 2.0.1
vCenter Log Insight                             1.x, 2.x   Linux    2.0 U1
vCenter Operations Manager                      5.x        Linux    See Section 4
vCenter Orchestrator Appliance                  4.x, 5.x   Linux    5.5.2.1, 5.1.2, 4.2.3 See Section 4
vCenter Site Recovery Manager                   5.x        Linux    5.5.1.3, 5.1.2.2, 5.0.x**
vCenter Support Assistant                       5.x        Linux    See Section 4
vCloud Application Director                     5.x, 6.x   Linux    See Section 4
vCloud Automation Center                        6.x        Linux    See Section 4
vCloud Automation Center Application Services   6.x        Linux    See Section 4
vCloud Director Appliance                       5.x        Linux    5.5.1.3
vCloud Connector                                2.x        Linux    2.6.1
vCloud Networking and Security                  5.x        Linux    5.5.3.1, 5.1.4.3
vCloud Usage Meter                              3.x        Linux    3.3.2
vFabric Postgres                                9.x        Linux    9.3.5.1, 9.2.9.1, 9.1.14.1
View Planner                                    3.x        Linux    3.0.1.1
VMware Application Dependency Planner           x.x        Linux    Patch Pending
VMware Data Recovery                            2.x        Linux    2.0.4
VMware HealthAnalyzer                           5.x        Linux    Patch Pending
VMware Mirage Gateway                           5.x        Linux    5.1.1
VMware Socialcast On Premise                    2.x        Linux    Patch Pending
VMware Studio                                   2.x        Linux    Patch Pending
VMware Workbench                                3.x        Linux    Patch Pending
vSphere App HA                                  1.x        Linux    1.1.1
vSphere Big Data Extensions                     2.x        Linux    See Section 4
vSphere Data Protection                         5.x        Linux    See Section 4
vSphere Management Assistant                    5.x        Linux    5.5 EP1, 5.0 EP1
vSphere Replication                             5.x        Linux    5.8.0.1, 5.6.0.2, 5.5.1.3, 5.1.2.2
vSphere Storage Appliance                       5.x        Linux    5.5.2, 5.1.3 See Section 4
** This product includes Virtual Appliances that will be updated; the
product itself is not a Virtual Appliance.
4. Solution
ESX
---
Downloads:
https://www.vmware.com/patchmgr/findPatch.portal
Documentation:
http://kb.vmware.com/kb/2090859
http://kb.vmware.com/kb/2090853
vCenter Server Appliance
------------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U2
(scroll down to 5.5 Update 2a Appliance)
https://my.vmware.com/web/vmware/details?productId=285&downloadGroup=VCL-VSP510-VC-51U2A
(scroll down to 5.1 Update 2b Appliance)
https://my.vmware.com/web/vmware/details?productId=229&downloadGroup=VC50U3A
(scroll down to 5.0 Update 3b Appliance)
Documentation:
http://kb.vmware.com/kb/2091085
http://kb.vmware.com/kb/2091018
http://kb.vmware.com/kb/2091017
Horizon DaaS Platform
---------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=405&rPId=6527&downloadGroup=HORIZON-DAAS-610-BIN
https://my.vmware.com/web/vmware/details?productId=405&downloadGroup=HORIZON-DAAS-602
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-ONPREM-540&productId=398
Documentation:
http://kb.vmware.com/kb/2091183
Horizon Workspace
-----------------
Downloads:
(Scroll down to the relevant download)
Workspace Portal 2.1.0 ->
https://my.vmware.com/web/vmware/details?productId=419&rPId=6533&downloadGroup=HZNP210
Workspace Portal 2.0.0 ->
https://my.vmware.com/web/vmware/details?productId=419&rPId=6533&downloadGroup=HZNWS200
Horizon Workspace 1.8.2 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS182
Horizon Workspace 1.8.1 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS181
Horizon Workspace 1.8.0 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS180
Horizon Workspace 1.5.2 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS152
Horizon Workspace 1.5.1 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS151
Horizon Workspace 1.5.0 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS150
Documentation:
http://kb.vmware.com/kb/2091067
IT Business Management Suite
----------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=ITBM-STD-110&productId=384&rPId=6384
https://my.vmware.com/web/vmware/details?downloadGroup=ITBM-STD-101&productId=385&rPId=6333
Documentation:
http://kb.vmware.com/kb/2091014
http://kb.vmware.com/kb/2091013
NSX for Multi-Hypervisor
------------------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-MH-421
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-MH-414
Note: For 4.0.5 refer to http://www.vmware.com/products/nsx
Documentation:
http://kb.vmware.com/kb/2091179
http://kb.vmware.com/kb/2091205
NSX for vSphere
---------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-V-611
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-V-607
Documentation:
http://kb.vmware.com/kb/2091213
http://kb.vmware.com/kb/2091216
NVP
---
Downloads and Documentation:
http://www.vmware.com/products/nsx
vCenter Hyperic Server
----------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCHQ_583_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCHQ_583_SERVER
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_572_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_572
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_503_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_503_SERVER
Documentation:
http://kb.vmware.com/kb/2091109
http://kb.vmware.com/kb/2091206
http://kb.vmware.com/kb/2091207
vCenter Infrastructure Navigator
--------------------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_583
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_571
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_201
Documentation:
http://kb.vmware.com/kb/2091095
http://kb.vmware.com/kb/2091093
http://kb.vmware.com/kb/2091108
vCenter Log Insight
-------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=STRATA20&productId=412&rPId=5804
Documentation:
http://kb.vmware.com/kb/2091065
vCenter Operations Manager
--------------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCOPS-583-STD
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCOPS-573-STD
Documentation:
http://kb.vmware.com/kb/2091083
http://kb.vmware.com/kb/2091002
vCenter Orchestrator Appliance
------------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VCL_VCOVA_5521&productId=353&rPId=6655
Documentation:
http://kb.vmware.com/kb/2091036
vCenter Site Recovery Manager
-----------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5513&productId=357&rPId=6636
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5122&productId=291&rPId=6631
Documentation:
http://kb.vmware.com/kb/2091038
http://kb.vmware.com/kb/2091039
http://kb.vmware.com/kb/2091037 (5.0.x)
vCenter Support Assistant
-------------------------
Downloads and Documentation:
http://kb.vmware.com/kb/2091112
vCloud Application Director
---------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPDIR_601_GA&productId=383&rPId=6216
https://my.vmware.com/web/vmware/details?downloadGroup=VFAPPDIR_520_GA&productId=345&rPId=3789
Documentation:
http://kb.vmware.com/kb/2091129
vCloud Automation Center
------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VCAC-610&productId=447&rPId=6501
https://my.vmware.com/web/vmware/details?downloadGroup=VCAC-6012&productId=383&rPId=6216
Documentation:
http://kb.vmware.com/kb/2091012
vCloud Automation Center Application Services
---------------------------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPSER_610&productId=447&rPId=6501
Documentation:
http://kb.vmware.com/kb/2091129
vCloud Director Appliance
-------------------------
Downloads:
www.vmware.com/go/try-vcloud-director
Documentation:
http://kb.vmware.com/kb/2091071
vCloud Connector
----------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCC261-GA
Documentation:
http://kb.vmware.com/kb/2091045
vCloud Networking and Security
------------------------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=VCNS5531
https://my.vmware.com/group/vmware/get-download?downloadGroup=VCNS5143
Documentation:
http://kb.vmware.com/kb/2091218
http://kb.vmware.com/kb/2091217
vCloud Usage Meter
------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=UMSV332
Documentation:
http://kb.vmware.com/kb/2091184
vFabric Postgres
----------------
Downloads:
https://my.vmware.com/web/vmware/info/slug/application_platform/vmware_vfabric_postgres/9_3
https://my.vmware.com/web/vmware/info?slug=application_platform/vmware_vfabric_postgres/9_2
https://my.vmware.com/web/vmware/info?slug=application_platform/vmware_vfabric_postgres/9_1
Documentation:
http://kb.vmware.com/kb/2091055
View Planner
------------
View Planner Benchmark Mode
Downloads:
https://my.vmware.com/web/vmware/details?productId=320&downloadGroup=VIEW-PLAN-300
Documentation:
http://kb.vmware.com/kb/2091281
View Planner Flexible Mode
Downloads: Pending
Documentation: Pending
VMware Data Recovery
--------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=229&downloadGroup=VDR204
Documentation:
http://kb.vmware.com/kb/2091015
VMware Mirage Gateway
---------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=MIRAGE-510&productId=407&rPId=6565
(See VMware Mirage Gateway Software)
Documentation:
http://kb.vmware.com/kb/2091090
vSphere App HA
--------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=APPHA-111
Documentation:
http://kb.vmware.com/kb/2091087
vSphere Big Data Extensions
---------------------------
Downloads:
https://my.vmware.com/group/vmware/details?downloadGroup=BDE_200_GA&productId=353&rPId=6657
Documentation and Release Notes:
http://kb.vmware.com/kb/2091050
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-20-release-notes.html#resolvedissues
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-11-release-notes.html#resolvedissues
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-10-release-notes.html#resolvedissues
vSphere Data Protection
-----------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VDP58_0&productId=353&rPId=6654
https://my.vmware.com/web/vmware/details?productId=353&rPId=6654&downloadGroup=VDP55_6
Documentation:
http://kb.vmware.com/kb/2091341
vSphere Management Assistant
----------------------------
Downloads:
Download available via online vMA update mechanism
Documentation:
http://kb.vmware.com/kb/2079150
http://kb.vmware.com/kb/2079151
vSphere Replication
-------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VR5801&productId=353&rPId=6654
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5602
https://my.vmware.com/web/vmware/details?productId=353&rPId=5721&downloadGroup=VR5513
https://my.vmware.com/web/vmware/details?downloadGroup=VR5122&productId=285&rPId=6779
Documentation:
http://kb.vmware.com/kb/2091019
http://kb.vmware.com/kb/2091031
http://kb.vmware.com/kb/2091033
http://kb.vmware.com/kb/2091035
vSphere Storage Appliance
-------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VSP55-VSA-552&productId=354&rPId=6585
https://my.vmware.com/web/vmware/details?downloadGroup=VSP51-VSA-513&productId=297&rPId=3752
Documentation:
http://kb.vmware.com/kb/2091000
http://kb.vmware.com/kb/2091086
5. References
VMware Knowledge Base Article 2090740
http://kb.vmware.com/kb/2090740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
- ------------------------------------------------------------------------
6. Change Log
2014-09-30 VMSA-2014-0010
Initial security advisory in conjunction with the release of
vCenter Log Insight 2.0 U1 on 2014-09-30.
2014-10-01 VMSA-2014-0010.1
Updated advisory in conjunction with the release of ESX 4.x patches,
vCenter Server Appliance 5.5 U2a, 5.1 U2b, and 5.0 U3b, vCloud Director
Appliance 5.5.1.3, VMware Data Recovery 2.0.4, VMware Mirage Gateway
5.1.1 and vSphere Storage Appliance 5.5.2 on 2014-10-01. Added
CVE-2014-6277 and CVE-2014-6278 as they have been confirmed to be
mitigated.
2014-10-01 VMSA-2014-0010.2
Updated advisory in conjunction with the release of Horizon Workspace
patches, IT Business Management Suite 1.1.0 and 1.0.1, vCenter
Operations Manager patches, vCenter Site Recovery Manager 5.5.1.3 and
5.1.2.2, vCloud Application Director patches, vCloud Automation Center
patches, vCloud Automation Center Application Services patches, vCloud
Director Appliance 5.5.1.3, vFabric Postgres 9.3.5.1, 9.2.9.1, and
9.1.14.1, vSphere Replication 5.8.0.1, 5.5.1.3, and 5.1.2.2 on
2014-10-01.
2014-10-02 VMSA-2014-0010.3
Updated advisory in conjunction with the release of vCenter Hyperic
Server 5.8.3, 5.7.2, and 5.0.3, vCenter Infrastructure Navigator 5.8.3,
5.7.1, and 2.0.1 vCenter Orchestrator Appliance patches, vCenter Support
Assistant patches, vSphere App HA 1.1.1, vSphere Management Assistant
5.5 EP1 and 5.0 EP1 and vSphere Storage Appliance patches on 2014-10-02.
2014-10-02 VMSA-2014-0010.4
Updated advisory in conjunction with the release of Horizon DaaS
Platform 6.1.1, 6.0.2, and 5.4.3, vCenter Orchestrator Appliance 5.5.2.1,
vCloud Connector 2.6.1, vCloud Usage Meter 3.3.2, and vSphere
Replication 5.6.0.2 on 2014-10-02.
2014-10-03 VMSA-2014-0010.5
Updated advisory in conjunction with the release of vCloud Networking
and Security 5.5.3.1 and 5.1.4.3 on 2014-10-03.
2014-10-04 VMSA-2014-0010.6
Updated advisory in conjunction with the release of NSX for
Multi-Hypervisor 4.2.1, 4.1.4, and 4.0.5, NSX for vSphere 6.1.1 and 6.0.7,
NVP 3.2.4, and vSphere Big Data Extensions 2.x patch on 2014-10-04.
2014-10-05 VMSA-2014-0010.7
Updated advisory in conjunction with the release of View Planner 3.0.1.1
and vSphere Data Protection 5.x patch on 2014-10-05.
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Policy
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8
wj8DBQFUMZMpDEcm8Vbi9kMRAs1lAJ9dcgqzDcNVJF68OvDFO2q7+ROmswCfRcvz
W7UlWVQXtvPflP6LZFtUz3w=
=0jre
-----END PGP SIGNATURE-----
UPDATED VMSA-2014-0010.7 – VMware product updates address critical Bash security vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0010.7
Synopsis: VMware product updates address critical Bash
security vulnerabilities
Issue date: 2014-09-30
Updated on: 2014-10-05
CVE numbers: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186,
CVE-2014-7187, CVE-2014-6277, CVE-2014-6278
- ------------------------------------------------------------------------
1. Summary
VMware product updates address Bash security vulnerabilities.
2. Relevant Releases (Affected products for which remediation is present)
ESX 4.1 without patch ESX410-201410401-SG
ESX 4.0 without patch ESX400-201410401-SG
vCenter Server Appliance prior to 5.5 U2a
vCenter Server Appliance prior to 5.1 U2b
vCenter Server Appliance prior to 5.0 U3b
Horizon DaaS Platform prior to 6.1.1
Horizon DaaS Platform prior to 6.0.2
Horizon DaaS Platform prior to 5.4.3
Horizon Workspace 1.x, 2.x without patch
IT Business Management Suite prior to 1.1.0
IT Business Management Suite prior to 1.0.1
NSX for Multi-Hypervisor 4.2.x prior to 4.2.1
NSX for Multi-Hypervisor 4.1.x prior to 4.1.4
NSX for Multi-Hypervisor 4.0.x prior to 4.0.5
NSX for vSphere 6.1.x prior to 6.1.1
NSX for vSphere 6.0.x prior to 6.0.7
NVP 3.x prior to 3.2.4
vCenter Hyperic Server prior to 5.8.3
vCenter Hyperic Server prior to 5.7.2
vCenter Hyperic Server prior to 5.0.3
vCenter Infrastructure Navigator prior to 5.8.3
vCenter Infrastructure Navigator prior to 5.7.1
vCenter Infrastructure Navigator prior to 2.0.1
vCenter Log Insight prior to 2.0U1
vCenter Operations Manager 5.x without patch
vCenter Orchestrator Appliance 5.5.x prior to 5.5.2.1
vCenter Orchestrator Appliance 5.1.x, 4.x without patch
vCenter Site Recovery Manager prior to 5.5.1.3
vCenter Site Recovery Manager prior to 5.1.2.2
vCenter Support Assistant without patch
vCloud Application Director 5.x, 6.x without patch
vCloud Automation Center 6.x without patch
vCloud Automation Center Application Services 6.x without patch
vCloud Director Appliance prior to 5.5.1.3
vCloud Connector prior to 2.6.1
vCloud Networking and Security prior to 5.5.3.1
vCloud Networking and Security prior to 5.1.4.3
vCloud Usage Meter prior to 3.3.2
vFabric Postgres prior to 9.3.5.1
vFabric Postgres prior to 9.2.9.1
vFabric Postgres prior to 9.1.14.1
View Planner prior to 3.0.1.1
VMware Data Recovery prior to 2.0.4
VMware Mirage Gateway prior to 5.1.1
vSphere App HA prior to 1.1.1
vSphere Big Data Extensions 2.x without patch
vSphere Data Protection 5.x without patch
vSphere Management Assistant 5.5.x without 5.5 EP1
vSphere Management Assistant 5.0.x without 5.0 EP1
vSphere Replication prior to 5.8.0.1
vSphere Replication prior to 5.6.0.2
vSphere Replication prior to 5.5.1.3
vSphere Replication prior to 5.1.2.2
vSphere Storage Appliance prior to 5.5.2
vSphere Storage Appliance 5.1.x without patch
3. Problem Description
a. Bash update for multiple products.
Bash libraries have been updated in multiple products to resolve
multiple critical security issues, also referred to as Shellshock.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2014-6271, CVE-2014-7169,
CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278
to these issues.
VMware products have been grouped into the following four
product categories:
I) ESXi and ESX Hypervisor
ESXi is not affected because ESXi uses the Ash shell (through
busybox), which is not affected by the vulnerability reported
for the Bash shell.
ESX has an affected version of the Bash shell. See table 1 for
remediation for ESX.
II) Windows-based products
Windows-based products, including all versions of vCenter Server
running on Windows, are not affected.
III) VMware (virtual) appliances
VMware (virtual) appliances ship with an affected version of Bash.
See table 2 for remediation for appliances.
IV) Products that run on Linux, Android, OSX or iOS (excluding virtual appliances)
Products that run on Linux, Android, OSX or iOS (excluding
virtual appliances) might use the Bash shell that is part of the
operating system. If the operating system has a vulnerable
version of Bash, the Bash security vulnerability might be
exploited through the product. VMware recommends that customers
contact their operating system vendor for a patch.
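The advisory sorts products by which shell they actually run (Ash via busybox on ESXi, GNU Bash on the Linux appliances) and by whether that Bash has been patched. The following script is an added example, not part of the VMware advisory: a local, read-only check an administrator can run on a Linux host or appliance to identify the system shell and to confirm that the installed Bash no longer executes the trailing command of an imported function definition (CVE-2014-6271) and isolates exported functions in the BASH_FUNC_name%% namespace introduced by the later upstream fixes. It assumes a POSIX sh with readlink, basename and env; the function name shellshock_probe and the string SHELLSHOCK-MARKER are constructed sentinels.

```shell
#!/bin/sh
# Added example (not part of the VMware advisory): a local, read-only check
# an administrator can run on a Linux-based appliance or host to answer the
# two questions the advisory raises for product categories I, III and IV:
#   1. Which shell does this system actually use? ESXi is unaffected because
#      /bin/sh is Ash provided by busybox, not GNU Bash.
#   2. If GNU Bash is present, does it still honour the CVE-2014-6271
#      function-import defect, and does it isolate exported functions in the
#      BASH_FUNC_<name>%% namespace that the later upstream fixes introduced?
# Assumes a POSIX sh plus readlink, basename and env. SHELLSHOCK-MARKER and
# shellshock_probe are constructed sentinels; nothing is written to disk.

# Report what /bin/sh resolves to: busybox (Ash), bash, or other (e.g. dash).
identify_system_shell() {
    target=$(readlink -f /bin/sh 2>/dev/null) || target=/bin/sh
    case "$(basename "$target")" in
        busybox*) echo busybox ;;
        bash*)    echo bash ;;
        *)        echo other ;;
    esac
}

# CVE-2014-6271: a vulnerable Bash keeps parsing past the function body in
# an imported variable and executes the trailing command at startup. We only
# ask bash to run 'true', so the sentinel is printed only by a vulnerable
# binary. Prints "vulnerable", "patched" or "no-bash".
check_cve_2014_6271() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return 0; }
    out=$(env x='() { :;}; echo SHELLSHOCK-MARKER' "$bash_bin" -c true 2>/dev/null)
    case "$out" in
        *SHELLSHOCK-MARKER*) echo vulnerable ;;
        *)                   echo patched ;;
    esac
}

# The later upstream fix exports functions as BASH_FUNC_<name>%% instead of
# plain <name>, so arbitrary environment variables are no longer parsed as
# function definitions. Prints "isolated", "not-isolated", "unknown" or
# "no-bash".
check_function_namespace() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo no-bash; return 0; }
    exported=$("$bash_bin" -c 'shellshock_probe() { :; }; export -f shellshock_probe; env' 2>/dev/null)
    case "$exported" in
        *BASH_FUNC_shellshock_probe*) echo isolated ;;
        *shellshock_probe=*)          echo not-isolated ;;
        *)                            echo unknown ;;
    esac
}

# Human-readable summary for the administrator running the check.
shellshock_report() {
    echo "system shell (/bin/sh): $(identify_system_shell)"
    echo "CVE-2014-6271 import check: $(check_cve_2014_6271)"
    echo "exported-function namespace: $(check_function_namespace)"
}

shellshock_report
```

Run it on each appliance before and after applying the patch from Table 2; a result of "patched" plus "isolated" is what a fixed Bash reports, while "busybox" for the system shell matches the ESXi case the advisory describes.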
MITIGATIONS
VMware encourages restricting access to appliances through
firewall rules and other network layer controls to only trusted IP
addresses. This measure will greatly reduce any risk to these
appliances.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected products in Table 1 and 2 below as these
patches become available.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
Table 1 - ESXi and ESX Hypervisor
=================================
VMware          Product   Running   Replace with/
Product         Version   on        Apply Patch
==============  =======   =======   =====================
ESXi            any       ESXi      Not affected
ESX             4.1       ESX       ESX410-201410401-SG*
ESX             4.0       ESX       ESX400-201410401-SG*
* VMware has made VMware ESX 4.0 and 4.1 security patches available
for the Bash shell vulnerability. This security patch release is an
exception to the existing VMware lifecycle policy.
Table 2 - Products that are shipped as a (virtual) appliance.
=============================================================
VMware                            Product    Running  Replace with/
Product                           Version    on       Apply Patch
================================  =========  =======  ====================================
vCenter Server Appliance          5.x        Linux    5.5 U2a, 5.1 U2b, 5.0 U3b
Horizon DaaS Platform             5.x, 6.x   Linux    6.1.1, 6.0.2, 5.4.3
Horizon Workspace                 1.x, 2.x   Linux    See Section 4
IT Business Management Suite      1.x        Linux    1.1.0, 1.0.1
NSX for Multi-Hypervisor          4.x        Linux    4.2.1, 4.1.4, 4.0.5
NSX for vSphere                   6.x        Linux    6.1.1, 6.0.7
NVP                               3.x        Linux    3.2.4
vCenter Converter Standalone      5.x        Linux    Patch Pending**
vCenter Hyperic Server            5.x        Linux    5.8.3, 5.7.2, 5.0.3
vCenter Infrastructure Navigator  2.x, 5.x   Linux    5.8.3, 5.7.1, 2.0.1
vCenter Log Insight               1.x, 2.x   Linux    2.0 U1
vCenter Operations Manager        5.x        Linux    See Section 4
vCenter Orchestrator Appliance    4.x, 5.x   Linux    5.5.2.1, 5.1.2, 4.2.3; See Section 4
vCenter Site Recovery Manager     5.x        Linux    5.5.1.3, 5.1.2.2, 5.0.x**
vCenter Support Assistant         5.x        Linux    See Section 4
vCloud Application Director       5.x, 6.x   Linux    See Section 4
vCloud Automation Center          6.x        Linux    See Section 4
vCloud Automation Center
  Application Services            6.x        Linux    See Section 4
vCloud Director Appliance         5.x        Linux    5.5.1.3
vCloud Connector                  2.x        Linux    2.6.1
vCloud Networking and Security    5.x        Linux    5.5.3.1, 5.1.4.3
vCloud Usage Meter                3.x        Linux    3.3.2
vFabric Postgres                  9.x        Linux    9.3.5.1, 9.2.9.1, 9.1.14.1
View Planner                      3.x        Linux    3.0.1.1
VMware Application Dependency
  Planner                         x.x        Linux    Patch Pending
VMware Data Recovery              2.x        Linux    2.0.4
VMware HealthAnalyzer             5.x        Linux    Patch Pending
VMware Mirage Gateway             5.x        Linux    5.1.1
VMware Socialcast On Premise      2.x        Linux    Patch Pending
VMware Studio                     2.x        Linux    Patch Pending
VMware Workbench                  3.x        Linux    Patch Pending
vSphere App HA                    1.x        Linux    1.1.1
vSphere Big Data Extensions       2.x        Linux    See Section 4
vSphere Data Protection           5.x        Linux    See Section 4
vSphere Management Assistant      5.x        Linux    5.5 EP1, 5.0 EP1
vSphere Replication               5.x        Linux    5.8.0.1, 5.6.0.2, 5.5.1.3, 5.1.2.2
vSphere Storage Appliance         5.x        Linux    5.5.2, 5.1.3; See Section 4
** This product includes Virtual Appliances that will be updated; the
product itself is not a Virtual Appliance.
4. Solution
ESX
---
Downloads:
https://www.vmware.com/patchmgr/findPatch.portal
Documentation:
http://kb.vmware.com/kb/2090859
http://kb.vmware.com/kb/2090853
vCenter Server Appliance
------------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=353&downloadGroup=VC55U2
(scroll down to 5.5 Update 2a Appliance)
https://my.vmware.com/web/vmware/details?productId=285&downloadGroup=VCL-VSP510-VC-51U2A
(scroll down to 5.1 Update 2b Appliance)
https://my.vmware.com/web/vmware/details?productId=229&downloadGroup=VC50U3A
(scroll down to 5.0 Update 3b Appliance)
Documentation:
http://kb.vmware.com/kb/2091085
http://kb.vmware.com/kb/2091018
http://kb.vmware.com/kb/2091017
Horizon DaaS Platform
---------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=405&rPId=6527&downloadGroup=HORIZON-DAAS-610-BIN
https://my.vmware.com/web/vmware/details?productId=405&downloadGroup=HORIZON-DAAS-602
https://my.vmware.com/web/vmware/details?downloadGroup=HORIZON-DAAS-ONPREM-540&productId=398
Documentation:
http://kb.vmware.com/kb/2091183
Horizon Workspace
-----------------
Downloads:
(Scroll down to the relevant download)
Workspace Portal 2.1.0 ->
https://my.vmware.com/web/vmware/details?productId=419&rPId=6533&downloadGroup=HZNP210
Workspace Portal 2.0.0 ->
https://my.vmware.com/web/vmware/details?productId=419&rPId=6533&downloadGroup=HZNWS200
Horizon Workspace 1.8.2 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS182
Horizon Workspace 1.8.1 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS181
Horizon Workspace 1.8.0 ->
https://my.vmware.com/web/vmware/details?productId=399&rPId=6083&downloadGroup=HZNWS180
Horizon Workspace 1.5.2 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS152
Horizon Workspace 1.5.1 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS151
Horizon Workspace 1.5.0 ->
https://my.vmware.com/web/vmware/details?productId=350&rPId=4768&downloadGroup=HZNWS150
Documentation:
http://kb.vmware.com/kb/2091067
IT Business Management Suite
----------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=ITBM-STD-110&productId=384&rPId=6384
https://my.vmware.com/web/vmware/details?downloadGroup=ITBM-STD-101&productId=385&rPId=6333
Documentation:
http://kb.vmware.com/kb/2091014
http://kb.vmware.com/kb/2091013
NSX for Multi-Hypervisor
------------------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-MH-421
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-MH-414
Note: For 4.0.5 refer to http://www.vmware.com/products/nsx
Documentation:
http://kb.vmware.com/kb/2091179
http://kb.vmware.com/kb/2091205
NSX for vSphere
---------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-V-611
https://my.vmware.com/group/vmware/get-download?downloadGroup=NSX-V-607
Documentation:
http://kb.vmware.com/kb/2091213
http://kb.vmware.com/kb/2091216
NVP
---
Downloads and Documentation:
http://www.vmware.com/products/nsx
vCenter Hyperic Server
----------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCHQ_583_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCHQ_583_SERVER
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_572_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_572
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_503_AGENT
https://my.vmware.com/web/vmware/get-download?downloadGroup=VFHQ_503_SERVER
Documentation:
http://kb.vmware.com/kb/2091109
http://kb.vmware.com/kb/2091206
http://kb.vmware.com/kb/2091207
vCenter Infrastructure Navigator
--------------------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_583
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_571
https://my.vmware.com/web/vmware/get-download?downloadGroup=VIN_201
Documentation:
http://kb.vmware.com/kb/2091095
http://kb.vmware.com/kb/2091093
http://kb.vmware.com/kb/2091108
vCenter Log Insight
-------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=STRATA20&productId=412&rPId=5804
Documentation:
http://kb.vmware.com/kb/2091065
vCenter Operations Manager
--------------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCOPS-583-STD
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCOPS-573-STD
Documentation:
http://kb.vmware.com/kb/2091083
http://kb.vmware.com/kb/2091002
vCenter Orchestrator Appliance
------------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VCL_VCOVA_5521&productId=353&rPId=6655
Documentation:
http://kb.vmware.com/kb/2091036
vCenter Site Recovery Manager
-----------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5513&productId=357&rPId=6636
https://my.vmware.com/web/vmware/details?downloadGroup=SRM5122&productId=291&rPId=6631
Documentation:
http://kb.vmware.com/kb/2091038
http://kb.vmware.com/kb/2091039
http://kb.vmware.com/kb/2091037 (5.0.x)
vCenter Support Assistant
-------------------------
Downloads and Documentation:
http://kb.vmware.com/kb/2091112
vCloud Application Director
---------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPDIR_601_GA&productId=383&rPId=6216
https://my.vmware.com/web/vmware/details?downloadGroup=VFAPPDIR_520_GA&productId=345&rPId=3789
Documentation:
http://kb.vmware.com/kb/2091129
vCloud Automation Center
------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VCAC-610&productId=447&rPId=6501
https://my.vmware.com/web/vmware/details?downloadGroup=VCAC-6012&productId=383&rPId=6216
Documentation:
http://kb.vmware.com/kb/2091012
vCloud Automation Center Application Services
---------------------------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=APPSER_610&productId=447&rPId=6501
Documentation:
http://kb.vmware.com/kb/2091129
vCloud Director Appliance
-------------------------
Downloads:
www.vmware.com/go/try-vcloud-director
Documentation:
http://kb.vmware.com/kb/2091071
vCloud Connector
----------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=VCC261-GA
Documentation:
http://kb.vmware.com/kb/2091045
vCloud Networking and Security
------------------------------
Downloads:
https://my.vmware.com/group/vmware/get-download?downloadGroup=VCNS5531
https://my.vmware.com/group/vmware/get-download?downloadGroup=VCNS5143
Documentation:
http://kb.vmware.com/kb/2091218
http://kb.vmware.com/kb/2091217
vCloud Usage Meter
------------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=UMSV332
Documentation:
http://kb.vmware.com/kb/2091184
vFabric Postgres
----------------
Downloads:
https://my.vmware.com/web/vmware/info/slug/application_platform/vmware_vfabric_postgres/9_3
https://my.vmware.com/web/vmware/info?slug=application_platform/vmware_vfabric_postgres/9_2
https://my.vmware.com/web/vmware/info?slug=application_platform/vmware_vfabric_postgres/9_1
Documentation:
http://kb.vmware.com/kb/2091055
View Planner
------------
View Planner Benchmark Mode
Downloads:
https://my.vmware.com/web/vmware/details?productId=320&downloadGroup=VIEW-PLAN-300
Documentation:
http://kb.vmware.com/kb/2091281
View Planner Flexible Mode
Downloads: Pending
Documentation: Pending
VMware Data Recovery
--------------------
Downloads:
https://my.vmware.com/web/vmware/details?productId=229&downloadGroup=VDR204
Documentation:
http://kb.vmware.com/kb/2091015
VMware Mirage Gateway
---------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=MIRAGE-510&productId=407&rPId=6565
(See VMware Mirage Gateway Software)
Documentation:
http://kb.vmware.com/kb/2091090
vSphere App HA
--------------
Downloads:
https://my.vmware.com/web/vmware/get-download?downloadGroup=APPHA-111
Documentation:
http://kb.vmware.com/kb/2091087
vSphere Big Data Extensions
---------------------------
Downloads:
https://my.vmware.com/group/vmware/details?downloadGroup=BDE_200_GA&productId=353&rPId=6657
Documentation and Release Notes:
http://kb.vmware.com/kb/2091050
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-20-release-notes.html#resolvedissues
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-11-release-notes.html#resolvedissues
https://www.vmware.com/support/bigdataextensions/doc/vsphere-big-data-extensions-10-release-notes.html#resolvedissues
vSphere Data Protection
-----------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VDP58_0&productId=353&rPId=6654
https://my.vmware.com/web/vmware/details?productId=353&rPId=6654&downloadGroup=VDP55_6
Documentation:
http://kb.vmware.com/kb/2091341
vSphere Management Assistant
----------------------------
Downloads:
Download available via online vMA update mechanism
Documentation:
http://kb.vmware.com/kb/2079150
http://kb.vmware.com/kb/2079151
vSphere Replication
-------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VR5801&productId=353&rPId=6654
https://my.vmware.com/web/vmware/get-download?downloadGroup=VR5602
https://my.vmware.com/web/vmware/details?productId=353&rPId=5721&downloadGroup=VR5513
https://my.vmware.com/web/vmware/details?downloadGroup=VR5122&productId=285&rPId=6779
Documentation:
http://kb.vmware.com/kb/2091019
http://kb.vmware.com/kb/2091031
http://kb.vmware.com/kb/2091033
http://kb.vmware.com/kb/2091035
vSphere Storage Appliance
-------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VSP55-VSA-552&productId=354&rPId=6585
https://my.vmware.com/web/vmware/details?downloadGroup=VSP51-VSA-513&productId=297&rPId=3752
Documentation:
http://kb.vmware.com/kb/2091000
http://kb.vmware.com/kb/2091086
5. References
VMware Knowledge Base Article 2090740
http://kb.vmware.com/kb/2090740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
------------------------------------------------------------------------
6. Change Log
2014-09-30 VMSA-2014-0010
Initial security advisory in conjunction with the release of
vCenter Log Insight 2.0 U1 on 2014-09-30.
2014-10-01 VMSA-2014-0010.1
Updated advisory in conjunction with the release of ESX 4.x patches,
vCenter Server Appliance 5.5 U2a, 5.1 U2b, and 5.0 U3b, vCloud Director
Appliance 5.5.1.3, VMware Data Recovery 2.0.4, VMware Mirage Gateway
5.1.1 and vSphere Storage Appliance 5.5.2 on 2014-10-01. Added
CVE-2014-6277 and CVE-2014-6278 as they have been confirmed to be
mitigated.
2014-10-01 VMSA-2014-0010.2
Updated advisory in conjunction with the release of Horizon Workspace
patches, IT Business Management Suite 1.1.0 and 1.0.1, vCenter
Operations Manager patches, vCenter Site Recovery Manager 5.5.1.3 and
5.1.2.2, vCloud Application Director patches, vCloud Automation Center
patches, vCloud Automation Center Application Services patches, vCloud
Director Appliance 5.5.1.3, vFabric Postgres 9.3.5.1, 9.2.9.1, and
9.1.14.1, vSphere Replication 5.8.0.1, 5.5.1.3, and 5.1.2.2 on
2014-10-01.
2014-10-02 VMSA-2014-0010.3
Updated advisory in conjunction with the release of vCenter Hyperic
Server 5.8.3, 5.7.2, and 5.0.3, vCenter Infrastructure Navigator 5.8.3,
5.7.1, and 2.0.1, vCenter Orchestrator Appliance patches, vCenter Support
Assistant patches, vSphere App HA 1.1.1, vSphere Management Assistant
5.5 EP1 and 5.0 EP1 and vSphere Storage Appliance patches on 2014-10-02.
2014-10-02 VMSA-2014-0010.4
Updated advisory in conjunction with the release of Horizon DaaS
Platform 6.1.1, 6.0.2, and 5.4.3, vCenter Orchestrator Appliance 5.5.2.1,
vCloud Connector 2.6.1, vCloud Usage Meter 3.3.2, and vSphere
Replication 5.6.0.2 on 2014-10-02.
2014-10-03 VMSA-2014-0010.5
Updated advisory in conjunction with the release of vCloud Networking
and Security 5.5.3.1 and 5.1.4.3 on 2014-10-03.
2014-10-04 VMSA-2014-0010.6
Updated advisory in conjunction with the release of NSX for
Multi-Hypervisor 4.2.1, 4.1.4, and 4.0.5, NSX for vSphere 6.1.1 and 6.0.7,
NVP 3.2.4, and vSphere Big Data Extensions 2.x patch on 2014-10-04.
2014-10-05 VMSA-2014-0010.7
Updated advisory in conjunction with the release of View Planner 3.0.1.1
and vSphere Data Protection 5.x patch on 2014-10-05.
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Policy
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
AutoWeb 3.0 SQL Injection
AutoWeb version 3.0 suffers from a remote SQL injection vulnerability.