View the original article: [US-CERT: Bulletin(SB14-181)] Security vulnerabilities published through June 23, 2014
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cacti -- superlinks | SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2014-06-25 | 7.5 | CVE-2014-4644 |
freefloat -- freefloat_ftp_server | Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command. | 2014-06-20 | 10.0 | CVE-2012-5106 |
hans_alshoff -- minalic | Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote attackers to execute arbitrary code via a (1) session_id cookie in a request to the get_cookie_value function in response.c, (2) directory name in a request to the add_default_file function in response.c, or (3) file name in a request to the retrieve_physical_file_name_or_brows function in response.c. | 2014-06-20 | 7.5 | CVE-2012-0273 |
ibm -- security_access_manager_for_mobile_software | The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials. | 2014-06-21 | 8.0 | CVE-2014-3053 |
ibm -- security_access_manager_for_mobile_software | Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors. | 2014-06-21 | 10.0 | CVE-2014-3073 |
linux -- linux_kernel | The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. | 2014-06-23 | 7.2 | CVE-2014-4014 |
redhat -- openshift | cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | 2014-06-20 | 10.0 | CVE-2014-3496 |
theforeman -- foreman | The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | 2014-06-20 | 7.5 | CVE-2014-0007 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
12net -- login_rebuilder | Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | 2014-06-25 | 6.8 | CVE-2014-3882 |
cisco -- webex_meetings_server | The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527. | 2014-06-21 | 4.0 | CVE-2014-3296 |
cisco -- ios | Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | 2014-06-25 | 6.8 | CVE-2014-3299 |
coreftp -- core_ftp | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command. | 2014-06-25 | 5.0 | CVE-2014-4643 |
d-link -- dir-601 | Directory traversal vulnerability in the TFTP server in D-Link DIR-601 Wireless N150 Home Router with firmware 1.02NA allows remote attackers to read arbitrary files via unspecified vectors. | 2014-06-20 | 5.0 | CVE-2011-4821 |
d-link -- dsl-2760u-e1 | Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname. | 2014-06-25 | 4.3 | CVE-2014-4645 |
emailarchitect -- emailarchitect_email_server | Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email. | 2014-06-20 | 4.3 | CVE-2012-2591 |
gnupg -- gnupg | The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. | 2014-06-25 | 5.0 | CVE-2014-4617 |
ibm -- storwize_unified_v7000_software | IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied. | 2014-06-21 | 4.0 | CVE-2013-6737 |
linux -- linux_kernel | The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. | 2014-06-23 | 4.9 | CVE-2014-0203 |
linux -- linux_kernel | arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. | 2014-06-23 | 4.6 | CVE-2014-4157 |
linux -- linux_kernel | mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. | 2014-06-23 | 4.7 | CVE-2014-4171 |
linux -- linux_kernel | arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. | 2014-06-23 | 4.7 | CVE-2014-4508 |
linuxfoundation -- cups-filters | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | 2014-06-22 | 5.8 | CVE-2014-4336 |
linuxfoundation -- cups-filters | The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. | 2014-06-22 | 4.3 | CVE-2014-4337 |
linuxfoundation -- cups-filters | cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. | 2014-06-22 | 4.0 | CVE-2014-4338 |
longtailvideo -- jw_player_for_flash_&_html5_video_plugin | Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php. | 2014-06-25 | 6.8 | CVE-2014-4030 |
novell -- identity_manager | The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. | 2014-06-21 | 4.6 | CVE-2014-4509 |
roger_padilla_camacho -- easy_breadcrumb | Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2014-06-20 | 4.3 | CVE-2014-4505 |
sophos -- enterprise_console | Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically proximate attackers to obtain desktop access by leveraging the absence of a login screen. | 2014-06-25 | 4.7 | CVE-2014-2005 |
symantec -- encryption_desktop | Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | 2014-06-21 | 4.3 | CVE-2014-3431 |
symantec -- data_insight | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | 2014-06-27 | 4.3 | CVE-2014-3432 |
symantec -- data_insight | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | 2014-06-27 | 4.3 | CVE-2014-3433 |
theforeman -- foreman | Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. | 2014-06-20 | 6.4 | CVE-2014-4507 |
wayne_allen -- postie | Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email. | 2014-06-20 | 4.3 | CVE-2012-2580 |
webmin -- usermin | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | 2014-06-21 | 6.8 | CVE-2014-3883 |
wp_simplemail_project -- wp_simplemail | Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email. | 2014-06-20 | 4.3 | CVE-2012-2579 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm -- security_access_manager_for_web_appliance | The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. | 2014-06-21 | 3.3 | CVE-2014-3052 |
linux -- linux_kernel | Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. | 2014-06-25 | 2.1 | CVE-2014-0206 |
linux -- linux_kernel | The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. | 2014-06-23 | 1.7 | CVE-2014-1739 |
linux -- linux_kernel | The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. | 2014-06-23 | 2.3 | CVE-2014-4027 |
louis_jimenez -- custom_meta | Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via (1) an attribute or (2) content value for a meta tag. | 2014-06-20 | 2.1 | CVE-2014-4506 |
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables. | 2014-06-25 | 3.5 | CVE-2014-4348 |
phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action. | 2014-06-25 | 3.5 | CVE-2014-4349 |
samba -- samba | The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | 2014-06-23 | 3.3 | CVE-2014-0244 |
samba -- samba | The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference. | 2014-06-23 | 2.7 | CVE-2014-3493 |