2014-11 Security Bulletin: CTPView: Multiple Security vulnerabilities resolved by third party software updates

Product Affected: CTPView releases 4.2, 4.3, 4.4, 4.5, 4.6.

Problem: CTPView release 7.0R1 addresses multiple vulnerabilities in prior releases with updated third party software components. Following is a list of software upgraded and vulnerabilities resolved:

Linux Kernel was upgraded to version 2.6.18-371.1.2.el5 which resolved:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2010-3081 | 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Local privilege escalation vulnerability in Linux. |
| CVE-2012-3510 | 5.6 (AV:L/AC:L/Au:N/C:P/I:N/A:C) | Local users can obtain potentially sensitive information from kernel memory or cause a denial of service (system crash). |
| CVE-2009-1265 | 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Integer overflow in the Linux kernel that can leak sensitive information. |

Oracle MySQL package was upgraded to 5.1.66 which resolved:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2012-0882 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Buffer overflow in yaSSL that can allow remote attackers to execute arbitrary code. |
| CVE-2012-3158 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Remote code execution vulnerability in MySQL. |

Vulnerabilities addressed in Apache Reverse Proxy:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2011-3368 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Information disclosure vulnerability in mod_proxy module in the Apache HTTP Server. |
| CVE-2011-4317 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Information disclosure vulnerability in mod_proxy module in the Apache HTTP Server. |

Sudo package was upgraded to 1.7.10p7 which resolved:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2012-2337 | 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to bypass restrictions. |
| CVE-2010-0426 | 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to gain privileges. |
| CVE-2010-1163 | 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to execute arbitrary commands. |
| CVE-2013-1775 | 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to bypass intended time restrictions. |
| CVE-2010-1646 | 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to gain privileges. |
| CVE-2010-2956 | 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) | Sudo vulnerability allows local users to gain privileges. |
| CVE-2010-0427 | 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Sudo vulnerability allows local users to gain privileges via a sudo command. |
| CVE-2011-0010 | 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Sudo vulnerability allows local users to bypass intended authentication requirements. |

PHP package was upgraded to 5.2.17-2 which resolved:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2011-1153 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Multiple format string vulnerabilities in PHP phar extension. |
| CVE-2012-2311 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Remote code execution vulnerability. |
| CVE-2013-1635 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Vulnerability which allows remote attackers to bypass intended access restrictions. |
| CVE-2012-0831 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | PHP vulnerability which makes it easier for remote attackers to conduct SQL injection attacks. |
| CVE-2011-4566 | 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Integer overflow in the exif extension in PHP. |
| CVE-2012-0057 | 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) | PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files. |
| CVE-2012-1172 | 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) | Denial of service or directory traversal vulnerability. |
| CVE-2011-4885 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | PHP denial of service due to predictable hash collisions. |
| CVE-2012-0781 | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service (NULL pointer dereference and application crash) via crafted input. |
| CVE-2012-0788 | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service in PHP PDO driver. |
| CVE-2012-0789 | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Memory leak in the timezone functionality in PHP. |
| CVE-2012-2329 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Buffer overflow in PHP allows remote attackers to cause a denial of service. |
| CVE-2013-1643 | 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Vulnerability in SOAP parser in PHP which allows remote attackers to read arbitrary files. |
| CVE-2011-0421 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Denial of service vulnerability in the PHP Zip extension. |
| CVE-2011-0708 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Denial of service vulnerability in the Exif extension. |
| CVE-2011-1398 | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Vulnerability that allows remote attackers to bypass an HTTP response-splitting protection mechanism. |

Libxml2 library was upgraded to resolve:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2011-0216 | 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Denial of service vulnerability. |
| CVE-2011-1944 | 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Vulnerability that can cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file. |
| CVE-2011-3919 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Heap-based buffer overflow in libxml2 that can cause a denial of service. |
| CVE-2011-2834 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Double free vulnerability in libxml2 that can cause a denial of service. |
| CVE-2011-3905 | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service (out-of-bounds read) vulnerability. |
| CVE-2009-2414 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Stack consumption vulnerability in libxml2. |
| CVE-2009-2416 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Multiple use-after-free vulnerabilities in libxml2. |
| CVE-2010-4008 | 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Denial of service (application crash) via a crafted XML document. |

Mozilla NSS and NSPR packages were upgraded to resolve:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2014-1568 | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | NSS does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a “signature malleability” issue. |
| CVE-2013-0791 | 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | NSS allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. |
| CVE-2013-1620 | 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) | The TLS implementation in NSS allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets. |

Vulnerabilities addressed in GNU C Library (glibc or libc6):

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2009-5029 | 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Integer overflow in glibc. |
| CVE-2010-0830 | 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) | Integer signedness error in glibc. |
| CVE-2011-4609 | 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Denial of service (CPU consumption) via a large number of RPC connections. |
| CVE-2011-1089 | 3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N) | Local users can corrupt /etc/mtab file. |

Vulnerabilities addressed in Linux PAM:

| CVE | CVSS v2 base score | Summary |
|---|---|---|
| CVE-2010-3853 | 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Vulnerability that may allow local users to gain privileges. |
| CVE-2010-4707 | 4.9 (AV:L/AC:L/Au:N/C:C/I:N/A:N) | Vulnerability that may allow local users to cause a denial of service (resource consumption) via a special file. |
| CVE-2010-3435 | 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N) | Vulnerability that may allow local users to obtain sensitive information. |
| CVE-2010-3316 | 3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N) | Vulnerability that allows local users to read arbitrary files. |

In addition to the above, third party software upgrades in CTPView contain fixes for a number of other CVEs which are not exploitable on CTPView, are not applicable in the context of CTPView, or whose impact on CTPView has not been evaluated. Hence those are not listed here.

Bash package was upgraded to version 3.2.33 to resolve “ShellShock” vulnerabilities (CVE-2014-6271, CVE-2014-7169). However, CTPView was evaluated to be not vulnerable to any remote exploitation risks due to these issues.

Solution: These vulnerabilities are fixed in CTPView 7.0R1 and later releases.

Workaround: There are no known workarounds that can be used to mitigate all the above vulnerabilities. Limiting access to CTPView to only trusted hosts would help mitigate the Apache, MySQL, sudo and PHP vulnerabilities.

Implementation: CTPView release 7.0R1 is available for download from http://www.juniper.net/support/downloads/?p=ctpview#sw.

Modification History: 2014-11-12: Initial publication.

Related Links:

CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Risk Level: Critical

Risk Assessment: Vulnerability CVE-2014-3062 has the highest CVSS v2 base score of 9.3 in this advisory.

Acknowledgements:
