CERT Advisories

VU#768399: HPE SiteScope contains multiple vulnerabilities

HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication.

VU#843044: Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session...

The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values.

VU#787252: Microsoft Windows domain-configured client Group Policy fails to authenticate servers

Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths.

VU#537684: Alfresco Enterprise contains multiple cross-site scripting vulnerabilities

Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.

VU#973460: drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site...

drchrono Electronic Health Record (EHR) web applications allow cross-site scripting (XSS) and cross-site request forgery (CSRF) that could allow an attacker to obtain sensitive patient information.

VU#168699: dotCMS contains multiple vulnerabilities

The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected.

VU#377260: Up.time agent for Windows contains multiple vulnerabilities

The Up.time client for Windows is vulnerable to a format string attack as well as a buffer overflow, and may allow unauthenticated users to perform certain commands.

VU#143335: mDNSResponder contains multiple memory-based vulnerabilities

Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016

Overview

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987

Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.

CWE-476: NULL Pointer Dereference - CVE-2015-7988

Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.

Apple has also issued a security advisory for these issues.

mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues.

The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an update

mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.

Vendor Information

Vendor | Status | Date Notified | Date Updated
Android Open Source Project | Affected | 03 Nov 2015 | 27 Jan 2016
Apple | Affected | 16 Oct 2015 | 23 Oct 2015
Arista Networks, Inc. | Not Affected | 22 Jan 2016 | 15 Feb 2016
CoreOS | Not Affected | 22 Jan 2016 | 25 Jan 2016
Debian GNU/Linux | Not Affected | 23 Oct 2015 | 23 Oct 2015
Fedora Project | Not Affected | 23 Oct 2015 | 22 Jan 2016
Infoblox | Not Affected | 22 Jan 2016 | 25 Jan 2016
Intel Corporation | Not Affected | 22 Jan 2016 | 25 Jan 2016
Red Hat, Inc. | Not Affected | 23 Oct 2015 | 22 Jan 2016
ACCESS | Unknown | 21 Mar 2016 | 21 Mar 2016
Alcatel-Lucent | Unknown | 21 Mar 2016 | 21 Mar 2016
Arch Linux | Unknown | 23 Oct 2015 | 23 Oct 2015
Aruba Networks | Unknown | 21 Mar 2016 | 21 Mar 2016
AT&T | Unknown | 21 Mar 2016 | 21 Mar 2016
Avaya, Inc. | Unknown | 22 Jan 2016 | 22 Jan 2016

CVSS Metrics

Group | Score | Vector
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal | 5.3 | E:POC/RL:OF/RC:C
Environmental | 4.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors. This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-7987 CVE-2015-7988
Date Public: 20 Jun 2016
Date First Published: 20 Jun 2016
Date Last Updated: 20 Jun 2016
Document Revision: 82

VU#251927: CalAmp LMU-3030 devices may not authenticate SMS interface

OBD-II devices are used to provide telematics information for managers of fleets of vehicles. One type of device, manufactured by CalAmp, has an SMS (text message) interface. We have found multiple deployments where no password was configured for this interface by the integrator/reseller.

Companies using the CalAmp hardware should be aware that they need to set a password or disable SMS.
Vendors were notified and the SMS interface was disabled or password-protected by all vendors known to be affected.

VU#155412: Samsung Galaxy S phones fail to properly validate SwiftKey language...

Samsung Galaxy S phones, including the S4 Mini, S4, S5, and S6, fail to properly validate SwiftKey language pack updates.

VU#432608: IBM Notes Traveler for Android transmits user credentials over HTTP

The IBM Notes Traveler application for Android does not enforce the use of HTTPS for transmitting user credentials, which can allow an attacker to obtain this information.

VU#316888: MobaXterm server may allow arbitrary command injection due to missing...

The MobaXterm server prior to version 8.3 is vulnerable to arbitrary command injection over port 6000 when using default X11 settings.