SB15-243: Vulnerability Summary for the Week of August 24, 2015

Title: SB15-243: Vulnerability Summary for the Week of August 24, 2015

NCCIC / US-CERT

National Cyber Awareness System:

08/31/2015 06:19 AM EDT

Original release date: August 31, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
actiontec -- _ncs01_firmware	Actiontec GT784WN modems with firmware before NC昭和01年1月0日.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.	2015年08月23日	8.3	CVE-2015-2904 CERT-VN
adobe -- air	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.	2015年08月24日	10.0	CVE-2015-5566 CONFIRM
apache -- tapestry	Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data.	2015年08月22日	7.8	CVE-2014-1972 CONFIRM CONFIRM JVNDB JVN
apache -- activemq	The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.	2015年08月24日	7.5	CVE-2014-3612 BID MLIST REDHAT REDHAT CONFIRM
drupal -- drupal	SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.	2015年08月24日	7.5	CVE-2015-6659 CONFIRM
f5 -- big-ip_access_policy_manager	Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.	2015年08月24日	7.8	CVE-2015-5058 CONFIRM SECTRACK
hp -- operations_manager_i	Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.	2015年08月22日	10.0	CVE-2015-2137 HP
hp -- hspa+_gobi_4g	The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.	2015年08月27日	7.8	CVE-2015-5368 HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors.	2015年08月26日	7.2	CVE-2015-5402 HP HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.	2015年08月26日	7.5	CVE-2015-5404 HP HP
hp -- centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408.	2015年08月22日	9.0	CVE-2015-5406 HP
hp -- version_control_repository_manager	Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.	2015年08月26日	7.5	CVE-2015-5409 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875.	2015年08月24日	7.5	CVE-2015-5416 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876.	2015年08月24日	7.5	CVE-2015-5417 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877.	2015年08月24日	7.5	CVE-2015-5418 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879.	2015年08月24日	7.5	CVE-2015-5419 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880.	2015年08月24日	7.5	CVE-2015-5420 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.	2015年08月24日	7.5	CVE-2015-5421 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883.	2015年08月24日	7.5	CVE-2015-5422 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884.	2015年08月24日	7.5	CVE-2015-5423 HP
hp -- keyview	Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885.	2015年08月24日	7.5	CVE-2015-5424 HP
hp -- matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-5429.	2015年08月26日	7.5	CVE-2015-5427 HP
hp -- matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5429.	2015年08月26日	7.5	CVE-2015-5428 HP
hp -- matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-5428.	2015年08月26日	7.5	CVE-2015-5429 HP
hp -- virtual_connect_enterprise_manager_sdk	HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.	2015年08月26日	7.5	CVE-2015-5432 HP HP
ibm -- systems_director	IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors.	2015年08月23日	7.2	CVE-2015-1992 CONFIRM AIXAPAR CONFIRM
libevent_project -- libevent	Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.	2015年08月24日	7.5	CVE-2014-6272 DEBIAN MLIST
libevent_project -- libevent	Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.	2015年08月24日	7.5	CVE-2015-6525 DEBIAN MLIST
mobile_devices -- c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states "This was a flaw for the developer/debugging devices (again not possible in production versions)."	2015年08月23日	9.0	CVE-2015-2906 CONFIRM CERT-VN MISC
mobile_devices -- c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. NOTE: the vendor states "This was a flaw for the developer/debugging devices (again not possible in production versions)."	2015年08月23日	9.0	CVE-2015-2907 CONFIRM CERT-VN MISC
mobile_devices -- c4_obd-ii_dongle_firmware	DISPUTED Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states "This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago."	2015年08月23日	9.0	CVE-2015-2908 CONFIRM CERT-VN MISC
openbsd -- openssh	sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.	2015年08月23日	7.2	CVE-2015-6565 MLIST CONFIRM
polarssl -- polarssl	Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue.	2015年08月24日	7.8	CVE-2014-8628 CONFIRM CONFIRM SUSE
polarssl -- polarssl	Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.	2015年08月24日	7.8	CVE-2014-9744 CONFIRM SUSE
redhat -- openshift	Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.	2015年08月24日	8.5	CVE-2015-5222 REDHAT

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
actiontec -- _ncs01_firmware	Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NC昭和01年1月0日.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.	2015年08月23日	6.8	CVE-2015-2905 CERT-VN
adobe -- livecycle_data_services	Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	2015年08月24日	5.0	CVE-2015-3269 CONFIRM BUGTRAQ
apache -- activemq	The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.	2015年08月24日	5.0	CVE-2015-6524 CONFIRM
apple -- quicktime	Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786.	2015年08月24日	6.8	CVE-2015-5785 APPLE CONFIRM
apple -- quicktime	Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.	2015年08月24日	6.8	CVE-2015-5786 APPLE CONFIRM
chaos_tool_suite_project -- ctools	Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.	2015年08月24日	4.3	CVE-2015-6665 CONFIRM MISC CONFIRM
cisco -- asr_5000_series_software	Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.	2015年08月22日	5.0	CVE-2015-6256 CISCO
cisco -- wireless_lan_controller_software	The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033.	2015年08月22日	5.0	CVE-2015-6258 CISCO
cisco -- telepresence_video_communication_server_software	Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.	2015年08月26日	4.0	CVE-2015-6261 CISCO
cisco -- prime_infrastructure	Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.	2015年08月24日	6.8	CVE-2015-6262 CISCO
cisco -- application_control_engine_4700	The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662.	2015年08月26日	4.3	CVE-2015-6265 CISCO
conntrack-tools_project -- conntrack-tools	conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a (1) DCCP, (2) SCTP, or (3) ICMPv6 packet.	2015年08月24日	5.0	CVE-2015-6496 CONFIRM MLIST MLIST DEBIAN CONFIRM
dell -- sonicwall_netextender_firmware	Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender with firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.	2015年08月26日	4.4	CVE-2015-4173 BUGTRAQ MISC
djangoproject -- django	contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.	2015年08月24日	5.0	CVE-2015-5963 MISC UBUNTU
djangoproject -- django	The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.	2015年08月24日	5.0	CVE-2015-5964 MISC UBUNTU
drupal -- drupal	Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.	2015年08月24日	4.3	CVE-2015-6658 CONFIRM
drupal -- drupal	The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."	2015年08月24日	6.8	CVE-2015-6660 CONFIRM
drupal -- drupal	Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.	2015年08月24日	5.0	CVE-2015-6661 CONFIRM
gnu -- glibc	The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.	2015年08月26日	5.1	CVE-2013-7424 CONFIRM CONFIRM CONFIRM CONFIRM MLIST REDHAT
gnu -- gnutls	Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.	2015年08月24日	5.0	CVE-2015-6251 CONFIRM CONFIRM BID MLIST MLIST CONFIRM DEBIAN
hp -- operations_manager_i	Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.	2015年08月22日	4.4	CVE-2015-2132 HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.	2015年08月26日	4.0	CVE-2015-2139 HP HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.	2015年08月26日	6.5	CVE-2015-2140 HP HP
hp -- hspa+_gobi_4g	The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.	2015年08月27日	6.9	CVE-2015-5367 HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139.	2015年08月26日	4.0	CVE-2015-5403 HP HP
hp -- systems_insight_manager	HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.	2015年08月26日	6.5	CVE-2015-5405 HP HP
hp -- centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5408.	2015年08月22日	6.0	CVE-2015-5407 HP
hp -- centralview_credit_risk_control	HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5406 and CVE-2015-5407.	2015年08月22日	6.0	CVE-2015-5408 HP
hp -- version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors.	2015年08月26日	6.5	CVE-2015-5410 HP
hp -- version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015年08月26日	6.8	CVE-2015-5411 HP
hp -- version_control_repository_manager	Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.	2015年08月26日	6.0	CVE-2015-5412 HP
hp -- version_control_repository_manager	HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.	2015年08月26日	4.0	CVE-2015-5413 HP
hp -- matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors.	2015年08月26日	5.0	CVE-2015-5430 HP
hp -- matrix_operating_environment	HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.	2015年08月26日	6.5	CVE-2015-5431 HP
hp -- virtual_connect_enterprise_manager_sdk	HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015年08月26日	4.0	CVE-2015-5433 HP HP
ibm -- websphere_application_server	IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.	2015年08月22日	5.0	CVE-2015-1932 CONFIRM AIXAPAR
ibm -- domino	Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.	2015年08月22日	5.8	CVE-2015-2014 CONFIRM
ibm -- domino	Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.	2015年08月22日	4.3	CVE-2015-2015 CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors.	2015年08月22日	5.0	CVE-2015-4938 CONFIRM AIXAPAR
ibm -- tivoli_storage_fastback_for_microsoft_exchange	The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.	2015年08月23日	4.0	CVE-2015-4950 CONFIRM AIXAPAR AIXAPAR
iodata -- wn-g54/r2_firmware	I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.	2015年08月22日	5.0	CVE-2015-2984 CONFIRM JVNDB JVN
kernel -- linux-pam	The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.	2015年08月24日	5.8	CVE-2015-3238 MISC MISC CONFIRM MLIST REDHAT
openbsd -- openssh	Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.	2015年08月23日	6.9	CVE-2015-6564 CONFIRM MLIST CONFIRM FULLDISC
openstack -- neutron	OpenStack Neutron before 2014年2月4日 (juno) and 2015.1.x before 2015年1月1日 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.	2015年08月26日	4.0	CVE-2015-3221 CONFIRM REDHAT MLIST
php_kobo -- photo_gallery_cms_free	Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php.	2015年08月22日	4.3	CVE-2015-2982 CONFIRM JVNDB JVN
php_kobo -- photo_gallery_cms_free	Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.	2015年08月22日	6.8	CVE-2015-2983 CONFIRM JVNDB JVN
picketlink -- picketlink	The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.	2015年08月26日	4.0	CVE-2015-3158 CONFIRM CONFIRM CONFIRM REDHAT REDHAT REDHAT REDHAT REDHAT
redhat -- mod_cluster	Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.	2015年08月24日	4.3	CVE-2015-0298 CONFIRM REDHAT REDHAT
rubygems -- rubygems	RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.	2015年08月25日	4.3	CVE-2015-4020 MISC MISC CONFIRM CONFIRM CONFIRM
sap -- netweaver	XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.	2015年08月24日	6.8	CVE-2015-6662 MISC
sap -- afaria	Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669.	2015年08月24日	4.3	CVE-2015-6663 MISC
sap -- mobile_platform	XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.	2015年08月24日	6.8	CVE-2015-6664 MISC
sgi -- xfsprogs	xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.	2015年08月25日	5.0	CVE-2012-2150 CONFIRM MLIST MLIST MLIST SUSE FEDORA FEDORA FEDORA
trend_micro -- deep_discovery_inspector	Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature.	2015年08月23日	4.3	CVE-2015-2872 CERT-VN CONFIRM
trend_micro -- deep_discovery_inspector	Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL.	2015年08月23日	5.5	CVE-2015-2873 CERT-VN CONFIRM
videolan -- vlc_media_player	VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.	2015年08月25日	6.8	CVE-2015-5949 MISC CONFIRM BUGTRAQ MLIST MLIST DEBIAN MISC
wireshark -- wireshark	The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6241 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6242 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.	2015年08月24日	4.3	CVE-2015-6243 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6244 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6245 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6246 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6247 CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6248 CONFIRM CONFIRM CONFIRM CONFIRM
wireshark -- wireshark	The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.	2015年08月24日	4.3	CVE-2015-6249 CONFIRM CONFIRM CONFIRM
zend -- zend_framework	The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.	2015年08月25日	6.8	CVE-2015-5161 EXPLOIT-DB BID DEBIAN FULLDISC MISC FEDORA MISC CONFIRM

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
cisco -- prime_infrastructure	Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.	2015年08月22日	3.5	CVE-2015-4331 CISCO
emc -- documentum_d2	Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.	2015年08月22日	3.5	CVE-2015-4537 BUGTRAQ
ibm -- integration_bus	IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.	2015年08月23日	3.5	CVE-2015-2018 CONFIRM AIXAPAR
ibm -- tivoli_storage_flashcopy_manager	IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.	2015年08月22日	2.1	CVE-2015-4949 CONFIRM AIXAPAR
ibm -- tivoli_storage_flashcopy_manager	IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.	2015年08月22日	2.1	CVE-2015-6557 CONFIRM AIXAPAR
libunwind_project -- libunwind	Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.	2015年08月26日	3.3	CVE-2015-3239 CONFIRM REDHAT CONFIRM
mantisbt -- mantisbt	Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986.	2015年08月24日	3.5	CVE-2014-8987 CONFIRM MLIST MLIST MLIST MLIST MLIST CONFIRM
openbsd -- openssh	The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.	2015年08月23日	1.9	CVE-2015-6563 CONFIRM MLIST CONFIRM FULLDISC
qemu -- qemu	The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program.	2015年08月26日	1.9	CVE-2015-4037 CONFIRM MLIST MLIST MLIST DEBIAN DEBIAN

This product is provided subject to this Notification and this Privacy & Use policy.

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@xxxxxxxxxxx. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@xxxxxxxxxxxxxxxx to your address book.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery