===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0083
         Multiple vulnerabilities have been identified in Tenable
           SecurityCenter prior to versions 4.6.x, 4.7.x, 4.8.x.
                               22 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable SecurityCenter
Operating System:     Red Hat
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3515 CVE-2014-4049 CVE-2014-0098
Member content until: Thursday, August 21 2014

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable 
        SecurityCenter prior to versions 4.6.x, 4.7.x, 4.8.x. [1]


IMPACT

        The following details have been disclosed by the vendor:
        
        [1] "CVE-2014-3515 - PHP unserialize() Call SPL ArrayObject /
        SPLObjectStorage Type Confusion Remote Code Execution
        
        PHP contains a type confusion flaw that is triggered when
        performing an unserialize() call to SPL ArrayObject or
        SPLObjectStorage in the SPL component. This may allow a remote
        attacker with the ability to pass data to these handlers to cause a
        denial of service or potentially execute arbitrary code.
        
        Note that you must be logged in with a SecurityCenter user account
        and authenticated with proper privileges in order to leverage the
        API in a fashion to exploit this vulnerability.
        
        CVE-2014-4049 - PHP ext/standard/dns.c php_parserr() Function DNS
        TXT Record Parsing Heap Buffer Overflow
        
        PHP contains an overflow condition in the php_parserr() function in
        ext/standard/dns.c that is triggered when parsing DNS TXT records.
        With a specially crafted DNS response, a context-dependent attacker
        can cause a heap-based buffer overflow, resulting in a denial of
        service or potentially allowing the execution of arbitrary code.
        
        Also note that additional PHP vulnerabilities affiliated with the
        two listed above do not affect SecurityCenter. These include
        CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
        CVE-2014-3487, CVE-2014-3981, and CVE-2014-3981.
        
        CVE-2014-0098 - Apache HTTP Server mod_log_config Module
        mod_log_config.c log_cookie Function Malformed Cookie Handling
        Remote DoS
        
        Apache HTTP Server contains a flaw in the mod_log_config module that
        is triggered when logging a cookie with an unassigned value. With a
        specially crafted request, a remote attacker can cause the service
        to crash." [1]


MITIGATION

        Tenable recommends that customers apply the latest patch fix to 
        resolve these issues. [1]


REFERENCES

        [1] PHP / Apache Vulnerabilities Affect Tenable SecurityCenter
            http://www.tenable.com/security/tns-2014-04

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================