{"securityvulns": [{"lastseen": "2018-08-31T11:11:01", "references": [], "description": "\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04765115\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04765115\r\nVersion: 1\r\n\r\nHPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows\r\nand Linux, Multiple Vulnerabilities\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2015-08-24\r\nLast Updated: 2015-08-24\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS), execution of\r\narbitrary code, unauthorized modification, unauthorized access, disclosure of\r\ninformation, cross-site request forgery (CSRF), elevation of privilege\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Version\r\nControl Repository Manager (VCRM) on Windows and Linux. The vulnerabilities\r\ncould be exploited remotely resulting in Denial of Service (DoS), execution\r\nof arbitrary code, unauthorized modification, unauthorized access, disclosure\r\nof information, cross-site request forgery (CSRF), or elevation of privilege.\r\n\r\nReferences:\r\n\r\nCVE-2014-3569 - Remote Denial of Service (DoS)\r\nCVE-2014-3570 - Remote Disclosure of Information\r\nCVE-2014-3571 - Remote Denial of Service (DoS)\r\nCVE-2014-3572 - Remote Disclosure of Information\r\nCVE-2014-8275 - Remote Unauthorized Modification\r\nCVE-2015-0204 - Remote Disclosure of Information\r\nCVE-2015-0205 - Remote Unauthorized Access\r\nCVE-2015-0206 - Remote Denial of Service (DoS)\r\nCVE-2015-5409 - Remote Buffer overflow\r\nCVE-2015-5410 - Remote Denial of Service (DoS), Unauthorized Access,\r\nExecution of Arbitrary Code, Unauthorized Modification\r\nCVE-2015-5411 - Remote Disclosure of Information\r\nCVE-2015-5412 - Cross-Site Request Forgery (CSRF)\r\nCVE-2015-5413 - Remote Elevation of Privilege\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Version Control Repository Manager (VCRM) prior to version 7.5.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\r\nCVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-5409 (AV:L/AC:L/Au:S/C:N/I:P/A:C) 5.2\r\nCVE-2015-5410 (AV:L/AC:M/Au:S/C:N/I:P/A:C) 5.0\r\nCVE-2015-5411 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4\r\nCVE-2015-5412 (AV:L/AC:M/Au:S/C:P/I:C/A:N) 5.0\r\nCVE-2015-5413 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available to resolve the\r\nvulnerabilities for the impacted versions of HP Version Control Repository\r\nManager (VCRM).\r\n\r\nPlease download the latest version of HP Version Control Repository Manager\r\n(VCRM).7.5.0 from the following locations:\r\n\r\nFor Windows:\r\n\r\nhttp://www.hp.com/swpublishing/MTX-20861d704bc04221a1518b7cb6\r\n\r\nFor Linux please install the latest version of HP Systems Insight Manager,\r\navailable from this location:\r\n\r\nhttp://h20566.www2.hpe.com/hpsc/doc/public/display?calledBy=Search_Result&doc\r\nId=emr_na-c04771934&docLocale=en_US\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 24 August 2015 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2015 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-09-14T00:00:00", "title": "[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:11:01", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2015-09-14T00:00:00", "id": "SECURITYVULNS:DOC:32492", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32492", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32492"], "description": "Information disclosure, DoS, unauthorized access, buffer overflow, privilege escalation, crossite scripting.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-09-14T00:00:00", "title": "HP Version Control Repository Manager multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "HP Version Control Repository Manager", "version": "7.4", "operator": "eq"}], "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2015-09-14T00:00:00", "id": "SECURITYVULNS:VULN:14678", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14678", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:51:54", "references": ["http://www.nessus.org/u?fb234a62", "https://www.openssl.org/news/secadv_20150108.txt", "https://www.smacktls.com/#freak"], "pluginID": "85802", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Windows host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "edition": 6, "reporter": "Tenable", "published": "2015-09-04T00:00:00", "title": "HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:hp:version_control_repository_manager"], "id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85802", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85802);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/12 19:01:17\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-5409\",\n \"CVE-2015-5410\",\n \"CVE-2015-5411\",\n \"CVE-2015-5412\",\n \"CVE-2015-5413\"\n );\n script_bugtraq_id(\n 71941,\n 71942,\n 71936,\n 71939,\n 71940,\n 71934,\n 71935,\n 71937\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"HP\", value:\"emr_na-c04765115\");\n script_xref(name:\"HP\", value:\"HPSBMU03396\");\n\n script_name(english:\"HP Version Control Repository Manager < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)\");\n script_summary(english:\"Checks the version of HP VCRM.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Version Control Repository Manager (VCRM) installed\non the remote Windows host is prior to 7.5.0. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the\n dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS\n message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when\n handling a saturation of DTLS records containing the\n same number sequence but for the next epoch. This allows\n a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM\n due to improper validation of user-supplied input. A\n remote, authenticated attacker can exploit this to cause\n a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote,\n authenticated attacker to modify values without proper\n authorization, gain unspecified access, cause a denial of\n service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote,\n authenticated attacker to gain access to sensitive\n information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive\n actions due to HTTP requests not requiring multiple\n steps, explicit confirmation, or a unique token. A\n remote, authenticated attacker can exploit this to\n conduct a cross-site request forgery attack via a\n specially crafted link. (CVE-2015-5412)\");\n # http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765115\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb234a62\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv_20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP Version Control Repository Manager 7.5.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_repository_manager\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_version_control_repo_manager_installed.nbin\");\n script_require_keys(\"installed_sw/HP Version Control Repository Manager\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"HP Version Control Repository Manager\";\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nif (ver_compare(ver:version, fix:'7.5.0.0', strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.5.0.0' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:32:56", "references": ["http://www.nessus.org/u?fb234a62", "https://www.openssl.org/news/secadv_20150108.txt", "https://www.smacktls.com/#freak"], "pluginID": "85803", "description": "The version of HP Version Control Repository Manager (VCRM) installed on the remote Linux host is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM due to improper validation of user-supplied input. A remote, authenticated attacker can exploit this to cause a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to modify values without proper authorization, gain unspecified access, cause a denial of service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote, authenticated attacker to gain access to sensitive information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive actions due to HTTP requests not requiring multiple steps, explicit confirmation, or a unique token. A remote, authenticated attacker can exploit this to conduct a cross-site request forgery attack via a specially crafted link. (CVE-2015-5412)", "edition": 6, "reporter": "Tenable", "published": "2015-09-04T00:00:00", "title": "HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Misc.", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-5411", "CVE-2015-5410", "CVE-2014-3572", "CVE-2015-0206", "CVE-2014-3571", "CVE-2014-8275", "CVE-2014-3570", "CVE-2015-5413", "CVE-2015-0204", "CVE-2015-5412", "CVE-2015-5409", "CVE-2015-0205", "CVE-2014-3569"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/a:hp:version_control_repository_manager"], "id": "HP_VERSION_CONTROL_REPO_MANAGER_7_5_0_NIX.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85803", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85803);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/12 19:01:16\");\n\n script_cve_id(\n \"CVE-2014-3569\",\n \"CVE-2014-3570\",\n \"CVE-2014-3571\",\n \"CVE-2014-3572\",\n \"CVE-2014-8275\",\n \"CVE-2015-0204\",\n \"CVE-2015-0205\",\n \"CVE-2015-0206\",\n \"CVE-2015-5409\",\n \"CVE-2015-5410\",\n \"CVE-2015-5411\",\n \"CVE-2015-5412\",\n \"CVE-2015-5413\"\n );\n script_bugtraq_id(\n 71941,\n 71942,\n 71936,\n 71939,\n 71940,\n 71934,\n 71935,\n 71937\n );\n script_xref(name:\"CERT\", value:\"243585\");\n script_xref(name:\"HP\", value:\"emr_na-c04765115\");\n script_xref(name:\"HP\", value:\"HPSBMU03396\");\n\n script_name(english:\"HP Version Control Repository Manager for Linux < 7.5.0 Multiple Vulnerabilities (HPSBMU03396) (FREAK)\");\n script_summary(english:\"Checks the version of HP VCRM.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Linux host has an application installed that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of HP Version Control Repository Manager (VCRM) installed\non the remote Linux host is prior to 7.5.0. It is, therefore, affected\nby multiple vulnerabilities :\n\n - A NULL pointer dereference flaw exists when the SSLv3\n option isn't enabled and an SSLv3 ClientHello is\n received. This allows a remote attacker, using an\n unexpected handshake, to crash the daemon, resulting in\n a denial of service. (CVE-2014-3569)\n\n - The BIGNUM squaring (BN_sqr) implementation does not\n properly calculate the square of a BIGNUM value. This\n allows remote attackers to defeat cryptographic\n protection mechanisms. (CVE-2014-3570)\n\n - A NULL pointer dereference flaw exists in the\n dtls1_get_record() function when handling DTLS messages.\n A remote attacker, using a specially crafted DTLS\n message, can cause a denial of service. (CVE-2014-3571)\n\n - A flaw exists with ECDH handshakes when using an ECDSA\n certificate without a ServerKeyExchange message. This\n allows a remote attacker to trigger a loss of forward\n secrecy from the ciphersuite. (CVE-2014-3572)\n\n - A flaw exists when accepting non-DER variations of\n certificate signature algorithms and signature encodings\n due to a lack of enforcement of matches between signed\n and unsigned portions. A remote attacker, by including\n crafted data within a certificate's unsigned portion,\n can bypass fingerprint-based certificate-blacklist\n protection mechanisms. (CVE-2014-8275)\n\n - A security feature bypass vulnerability, known as FREAK\n (Factoring attack on RSA-EXPORT Keys), exists due to the\n support of weak EXPORT_RSA cipher suites with keys less\n than or equal to 512 bits. A man-in-the-middle attacker\n may be able to downgrade the SSL/TLS connection to use\n EXPORT_RSA cipher suites which can be factored in a\n short amount of time, allowing the attacker to intercept\n and decrypt the traffic. (CVE-2015-0204)\n\n - A flaw exists when accepting DH certificates for client\n authentication without the CertificateVerify message.\n This allows a remote attacker to authenticate to the\n service without a private key. (CVE-2015-0205)\n\n - A memory leak occurs in dtls1_buffer_record() when\n handling a saturation of DTLS records containing the\n same number sequence but for the next epoch. This allows\n a remote attacker to cause a denial of service.\n (CVE-2015-0206)\n\n - An unspecified buffer overflow condition exists in VCRM\n due to improper validation of user-supplied input. A\n remote, authenticated attacker can exploit this to cause\n a denial of service or execute arbitrary code.\n (CVE-2015-5409)\n\n - An unspecified flaw exists in VCRM that allows a remote,\n authenticated attacker to modify values without proper\n authorization, gain unspecified access, cause a denial of\n service, or execute arbitrary code. (CVE-2015-5410)\n\n - An unspecified flaw exists in VCRM that allows a remote,\n authenticated attacker to gain access to sensitive\n information. (CVE-2015-5411, CVE-2015-5413)\n\n - A flaw exists in VCRM when handling certain sensitive\n actions due to HTTP requests not requiring multiple\n steps, explicit confirmation, or a unique token. A\n remote, authenticated attacker can exploit this to\n conduct a cross-site request forgery attack via a\n specially crafted link. (CVE-2015-5412)\");\n # http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765115\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb234a62\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv_20150108.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.smacktls.com/#freak\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to HP Version Control Repository Manager for Linux 7.5.0 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_repository_manager\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"hp_version_control_repo_manager_installed_nix.nasl\");\n script_require_keys(\"installed_sw/HP Version Control Repository Manager for Linux\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"HP Version Control Repository Manager for Linux\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nver = install[\"version\"];\npath = install[\"path\" ];\nport = 0;\n\nif (ver_compare(ver:ver, fix:\"7.5.0\", strict:FALSE) >= 0) audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 7.5.0' +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:COMPLETE/"}}]}
