Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2014.0083 Multiple vulnerabilities have been identified in Tenable SecurityCenter prior to versions 4.6.x, 4.7.x, 4.8.x. 22 July 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable SecurityCenter Operating System: Red Hat Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-3515 CVE-2014-4049 CVE-2014-0098 Member content until: Thursday, August 21 2014 OVERVIEW Multiple vulnerabilities have been identified in Tenable SecurityCenter prior to versions 4.6.x, 4.7.x, 4.8.x. [1] IMPACT The following details have been disclosed by the vendor: [1] CVE-2014-3515 - PHP unserialize() Call SPL ArrayObject / SPLObjectStorage Type Confusion Remote Code Execution PHP contains an type confusion flaw that is triggered when performing an unserialize() call to SPL ArrayObject or SPLObjectStorage in the SPL component. This may allow a remote attacker with the ability to pass data to these handlers to cause a denial of service or potentially execute arbitrary code. Note that you must be logged in with a SecurityCenter user account and authenticated with proper privileges in order to leverage the API in a fashion to exploit this vulnerability. CVE-2014-4049 - PHP ext/standard/dns.c php_parserr() Function DNS TXT Record Parsing Heap Buffer Overflow PHP contains an overflow condition in the php_parserr() function in ext/standard/dns.c that is triggered when parsing DNS TXT records. With a specially crafted DNS response, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. Also note that additional PHP vulnerabilities affiliated with the two listed above do not affect SecurityCenter. These include CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3981, and CVE-2014-3981. CVE-2014-0098 - Apache HTTP Server mod_log_config Module mod_log_config.c log_cookie Function Malformed Cookie Handling Remote DoS Apache HTTP Server contains a flaw in the mod_log_config module that is triggered when logging a cookie with an unassigned value. With a specially crafted request, a remote attacker can cause the service to crash." [1] MITIGATION Tenable recommends that customers apply the latest patch fix to resolve these issues. [1] REFERENCES [1] PHP / Apache Vulnerabilities Affect Tenable SecurityCenter http://www.tenable.com/security/tns-2014-04 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU83UrhLndAQH1ShLAQJkrhAAroI7dKESv9IIbRNKREnajOgnNaRsLp7s FyqNoO0rhjIguogcwrA0EOCWYutYcX5pNk1aCRpahSlgKe0aCsNlLsOaEkA+fS04 6UIPrD9j8X6fs4UsU71gpr9IxtlvQX92lPf2aNEu0rZCMIif0LAry5Pl/05G2Swc ueG0pltGwmWCm/tTtvvqI0/1MNEW/gUTFgsoS5lUHlo6bwS1cbwbZRw8QURRgd/r 7oUqee2D0RJsG2mA53AnyRQRmnF1TLZ7L5bSdc840rS7Jl0xC1vd1I3iJhO+EuVC T1Q5zKZDM+or5sz5JXfK0D03hPZa2ctSxEyKLVS+vIcq+Ji6WojoFfdb+vOgBDPi ho395Umm2iUNdBHEMhKmyAILeX3MGkMrmjeOBCPVrl+MJ34k4n6vx27WH+56N0z9 V05ITbpaQ59wRmVpHm4bzYbqG1v/SNYnV5N9UjkDRZLYqSqEq6BFPY4Amlq+4zaE zYF4kY7AXaPbMCtnpb4nE4F+l10gxv8vUWAm4VbuXkqRixzIT+7i7e8/rKsllqaI yIw0JhUnE6GOYD0zfFuP2/IuYjMXyphCx5SiKI8/h/KzgvOEiuKEKWk2V771sjai nyYm0YCL8Q/K8+KC2BLSg44zwcTh2fifT16V5mHk5UiEWZdwfZ4HrWkKqi5UxubJ 9jK2SUpoDHQ= =1NBW -----END PGP SIGNATURE-----