본문 바로가기
IT 와 Social 이야기

[US-CERT: Bulletin(SB16-214)] 2016년 7월 25일까지 발표된 보안 취약점

by manga0713 2016. 8. 2.

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
ca -- ehealth CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. 2016-07-25 9.0 CVE-2016-6151
CONFIRM(link is external)
ca -- ehealth CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors. 2016-07-25 9.0 CVE-2016-6152
CONFIRM(link is external)
cisco -- unified_computing_system_performance_manager The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. 2016-07-27 9.0 CVE-2016-1374
CISCO(link is external)
google -- chrome The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. 2016-07-23 9.3 CVE-2016-1706
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
icu_project -- international_components_for_unicode The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. 2016-07-25 7.5 CVE-2016-6293
MISC(link is external)
MLIST(link is external)
MISC(link is external)
php -- php The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. 2016-07-25 7.5 CVE-2016-6288
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. 2016-07-25 7.5 CVE-2016-6290
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. 2016-07-25 7.5 CVE-2016-6291
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. 2016-07-25 7.5 CVE-2016-6294
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. 2016-07-25 7.5 CVE-2016-6295
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. 2016-07-25 7.5 CVE-2016-6296
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
rockwellautomation -- factorytalk_energrymetrix SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2016-07-27 7.5 CVE-2016-4522
MISC
rockwellautomation -- factorytalk_energrymetrix Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. 2016-07-27 7.5 CVE-2016-4531
MISC
siemens -- simatic_batch Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. 2016-07-22 10.0 CVE-2016-5743
CONFIRM(link is external)
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- archiva Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action. 2016-07-28 6.8 CVE-2016-4469
MISC(link is external)
BUGTRAQ(link is external)
cisco -- wireless_lan_controller_software Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and 8.0(0.30220.385) allow remote attackers to cause a denial of service via crafted wireless management frames, aka Bug ID CSCun92979. 2016-07-27 6.1 CVE-2016-1460
CISCO(link is external)
cisco -- prime_service_catalog Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuz63795. 2016-07-27 4.3 CVE-2016-1462
CISCO(link is external)
cisco -- firesight_system_software Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. 2016-07-27 5.0 CVE-2016-1463
CISCO(link is external)
cisco -- nx-os Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985. 2016-07-27 6.1 CVE-2016-1465
CISCO(link is external)
cisco -- videoscape_session_resource_manager Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813. 2016-07-27 6.1 CVE-2016-1467
CISCO(link is external)
google -- chrome Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. 2016-07-23 6.8 CVE-2016-1705
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
google -- chrome ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. 2016-07-23 4.3 CVE-2016-1707
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. 2016-07-23 6.8 CVE-2016-1708
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. 2016-07-23 6.8 CVE-2016-1709
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
google -- chrome The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-07-23 6.8 CVE-2016-1710
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-07-23 6.8 CVE-2016-1711
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. 2016-07-23 6.8 CVE-2016-5127
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. 2016-07-23 6.8 CVE-2016-5128
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. 2016-07-23 6.8 CVE-2016-5129
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. 2016-07-23 4.3 CVE-2016-5130
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. 2016-07-23 6.8 CVE-2016-5131
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. 2016-07-23 6.8 CVE-2016-5132
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. 2016-07-23 4.3 CVE-2016-5133
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. 2016-07-23 4.3 CVE-2016-5134
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element. 2016-07-23 4.3 CVE-2016-5135
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
google -- chrome Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. 2016-07-23 6.8 CVE-2016-5136
CONFIRM(link is external)
CONFIRM
CONFIRM
CONFIRM(link is external)
google -- chrome The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. 2016-07-23 4.3 CVE-2016-5137
CONFIRM(link is external)
CONFIRM
CONFIRM(link is external)
php -- php Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. 2016-07-25 6.8 CVE-2016-6289
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. 2016-07-25 4.3 CVE-2016-6292
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
php -- php Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. 2016-07-25 6.8 CVE-2016-6297
CONFIRM(link is external)
MLIST(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
project_cronic -- cronic cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. 2016-07-26 4.9 CVE-2016-3992
SUSE
MLIST(link is external)
MLIST(link is external)
CONFIRM
siemens -- simatic_wincc Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. 2016-07-22 5.0 CVE-2016-5744
CONFIRM(link is external)
siemens -- simatic_net_pc-software Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. 2016-07-22 5.0 CVE-2016-5874
CONFIRM(link is external)
siemens -- sinema_remote_connect_server Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2016-07-22 4.3 CVE-2016-6204
CONFIRM(link is external)
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- archiva Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action. 2016-07-28 3.5 CVE-2016-5005
MISC(link is external)
BUGTRAQ(link is external)
ecryptfs -- ecryptfs-utils ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. 2016-07-22 2.1 CVE-2015-8946
MLIST(link is external)
MLIST(link is external)
UBUNTU(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
ecryptfs -- ecryptfs-utils ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. 2016-07-22 2.1 CVE-2016-6224
MLIST(link is external)
MLIST(link is external)
UBUNTU(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cavium -- software_ development_kit_2.x The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. 2016-07-26 Not yet calculated CVE-2015-5738
CONFIRM(link is external)
MISC(link is external)
CONFIRM

-기사원문확인하기: [US-CERT: Bulletin(SB16-214)] 2016년 7월 25일까지 발표된 보안 취약점