SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Red Hat JBoss Vendors:   Red Hat
(Red Hat Issues Fix for JBoss) Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code and Deny Service and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges
SecurityTracker Alert ID:  1034776
SecurityTracker URL:  http://securitytracker.com/id/1034776
CVE Reference:   CVE-2012-1148   (Links to External Site)
Date:  Jan 22 2016
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Apple OS X. A remote user can cause arbitrary code to be executed on the target user's system. A remote or local user can cause denial of service conditions on the target system. A local user can obtain potentially sensitive information. A local user or an application can bypass security restrictions. A local user can gain system privileges on the target system. JBoss is affected.

An application can bypass sandbox restrictions and access Contacts after access has been revoked [CVE-2015-7001].

A local user can trigger a memory corruption flaw in the Bluetooth HCI interface to execute arbitrary code with system privileges [CVE-2015-7108].

A remote user in a privileged network position can exploit a URL validation flaw to bypass HSTS [CVE-2015-7094].

A remote user can create a specially crafted web site that, when loaded by the target user, will trigger an uninitialized memory error in zlib and execute arbitrary code [CVE-2015-7054].

A local user can exploit a flaw in the installation of configuration profiles to install a configuration profile without admin privileges [CVE-2015-7062].

A remote user can create a specially crafted font file that, when loaded by the target user, will trigger a memory corruption flaw in CoreGraphics and execute arbitrary code [CVE-2015-7105].

A remote user can create a specially crafted web site that, when loaded by the target user, will trigger a memory corruption flaw in the processing of media files and execute arbitrary code [CVE-2015-7074, CVE-2015-7075].

A local user can load a specially crafted disk image to trigger a memory corruption flaw and execute arbitrary code with kernel privileges [CVE-2015-7110].

A local user can exploit a path validation flaw in the kernel loader to execute arbitrary code with system privileges [CVE-2015-7063].

A sandboxed application can circumvent sandbox restrictions [CVE-2015-7071].

A local user can trigger a use-after-free memory error in the handling of VM objects to execute arbitrary code with system privileges [CVE-2015-7078].

A remote user can create a specially crafted iBooks file that references an external XML entity that, when loaded by the target user, will obtain potentially sensitive user information [CVE-2015-7081].

A remote user can create a specially crafted web image that, when loaded by the target user, will trigger a memory corruption flaw in ImageIO and execute arbitrary code [CVE-2015-7053].

A local user can trigger a null pointer dereference in the Intel Graphics Driver to execute arbitrary code with system privileges [CVE-2015-7076].

A local user can trigger a memory corruption error in the Intel Graphics Driver to execute arbitrary code with system privileges [CVE-2015-7106].

An application can trigger an out-of-bounds memory access error in the Intel Graphics Driver to execute arbitrary code with system privileges [CVE-2015-7077].

An application can trigger a memory corruption flaw in IOAcceleratorFamily to execute arbitrary code with system privileges [CVE-2015-7109].

An application can trigger a memory corruption flaw in IOHIDFamily to execute arbitrary code with system privileges [CVE-2015-7111, CVE-2015-7112].

An application can trigger a null pointer dereference in IOKit to execute arbitrary code with kernel privileges [CVE-2015-7068].

A local user can trigger a null pointer dereference in IOThunderboltFamily to cause denial of service conditions [CVE-2015-7067].

An application cause denial of service conditions [CVE-2015-7040, CVE-2015-7041, CVE-2015-7042, CVE-2015-7043].

A local user can trigger a memory handling flaw to execute arbitrary code with kernel privileges [CVE-2015-7083, CVE-2015-7084].

A local user can trigger a flaw in the parsing of mach messages to execute arbitrary code with kernel privileges [CVE-2015-7047].

A local user can exploit a validation flaw in the loading of kernel extensions to execute arbitrary code with kernel privileges [CVE-2015-7052].

An application can masquerade as the Keychain Server [CVE-2015-7045].

A remote user A remote user can create a specially crafted package that, when loaded by the target user, will trigger a buffer overflow in libc and execute arbitrary code [CVE-2015-7038, CVE-2015-7039].

Some vulnerabilities exist in expat versions prior to 2.1.0 [CVE-2012-1147, CVE-2012-1148].

A remote user can create a specially crafted web site that, when loaded by the target user, will trigger a memory corruption error in OpenGL and execute arbitrary code [CVE-2015-7064, CVE-2015-7065, CVE-2015-7066].

Some vulnerabilities exist in LibreSSL prior to versions 2.1.8 [CVE-2015-5333, CVE-2015-5334].

A remote user can create a specially crafted iWork file that, when loaded by the target user, will execute arbitrary code on the target user's system [CVE-2015-7107].

An application with root privileges can bypass kernel address space layout randomization protections [CVE-2015-7046].

A remote user can trigger a memory corruption error in the handling of SSL handshakes to execute arbitrary code [CVE-2015-7073].

A remote user can create a specially crafted certificate that, when processed by the target system, will trigger a memory corruption error in the ASN.1 decoder to execute arbitrary code [CVE-2015-7059, CVE-2015-7060, CVE-2015-7061].

An application can gain access to the target user's Keychain items [CVE-2015-7058].

An application with root privileges can exploit a flaw in handling union mounts to execute arbitrary code with system privileges [CVE-2015-7044].

Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt; Ian Beer of Google Project Zero; Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc.; Muneaki Nishimura (nishimunea); j00ru;
David Mulder of Dell Software; John Villamil (@day6reak), Yahoo Pentest Team; Behrouz Sadeghipour (@Nahamsec); Patrik Fehrenbach (@ITSecurityguard); Juwei Lin of TrendMicro; beist and ABH of BoB; JeongHoon Shin@A.D.D; Lufeng Li of Qihoo 360 Vulcan Team; Tarjei Mandt (@kernelpool);
Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-Min Hu of Tsinghua University, and Xinhui Han of Peking University;
Maksymilian Arciemowicz (CXSECURITY.COM); Kurt Seifried; Tongbo Luo and Bo Qu of Palo Alto Networks; Benoit Foucher of ZeroC, Inc.; David Keeler of Mozilla; Tyson Smith of Mozilla; Ryan Sleevi of Google; and MacDefender reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote or local user can cause denial of service conditions on the target system.

A local user can obtain potentially sensitive information on the target system.

An application or a local user can bypass security controls on the target system.

A local user can obtain system privileges on the target system.

Solution:   Red Hat has issued a fix for CVE-2012-1148 for JBoss.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2016-0062.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2016-0062.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise)

Message History:   This archive entry is a follow-up to the message listed below.
Dec 9 2015 Apple OS X Multiple Flaws Let Remote and Local Users Execute Arbitrary Code and Deny Service and Let Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges



 Source Message Contents

Subject:  [RHSA-2016:0062-01] Moderate: Red Hat JBoss Web Server 2.1.0 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Web Server 2.1.0 security update
Advisory ID:       RHSA-2016:0062-01
Product:           Red Hat JBoss Web Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-0062.html
Issue date:        2016-01-21
CVE Names:         CVE-2012-0876 CVE-2012-1148 CVE-2013-5704 
                   CVE-2015-3183 
=====================================================================

1. Summary:

An update for Red Hat JBoss Web Server 2.1.0 that fixes four security
issues is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores, 
which give detailed severity ratings, are available for each vulnerability 
from the CVE links in the References section.

2. Description:

Red Hat JBoss Web Server is a fully integrated and certified set of 
components for hosting Java web applications. It is comprised of the Apache
HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector 
(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat 
Native library.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from an HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

A denial of service flaw was found in the implementation of hash arrays in 
Expat. An attacker could use this flaw to make an application using Expat 
consume an excessive amount of CPU time by providing a specially-crafted
XML file that triggers multiple hash function collisions. To mitigate this
issue, randomization has been added to the hash function to reduce the
chance of an attacker successfully causing intentional collisions.
(CVE-2012-0876)

A memory leak flaw was found in Expat. If an XML file processed by an 
application linked against Expat triggered a memory re-allocation failure, 
Expat failed to free the previously allocated memory. This could cause the 
application to exit unexpectedly or crash when all available memory is 
exhausted. (CVE-2012-1148)

A flaw was found in the way httpd handled HTTP Trailer headers when 
processing requests using chunked encoding. A malicious client could use 
Trailer headers to set additional HTTP headers after header processing was 
performed by other modules. This could, for example, lead to a bypass of 
header restrictions defined with mod_headers. (CVE-2013-5704)

All users of Red Hat JBoss Web Server 2.1.0 as provided from the Red Hat 
Customer Portal are advised to apply this update. The Red Hat JBoss Web 
Server process must be restarted for the update to take effect.

3. Solution:

The References section of this erratum contains a download link (you must
log in to download the update). Before applying the update, back up your
existing Red Hat JBoss Web Server installation (including all applications
and configuration files).

4. Bugs fixed (https://bugzilla.redhat.com/):

786617 - CVE-2012-0876 expat: hash table collisions CPU usage DoS
801648 - CVE-2012-1148 expat: Memory leak in poolGrow
1082903 - CVE-2013-5704 httpd: bypass of mod_headers rules via chunked requests
1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser

5. References:

https://access.redhat.com/security/cve/CVE-2012-0876
https://access.redhat.com/security/cve/CVE-2012-1148
https://access.redhat.com/security/cve/CVE-2013-5704
https://access.redhat.com/security/cve/CVE-2015-3183
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=2.1.0

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFWoP+OXlSAg2UNWIIRAmwSAJ9P8tubWwCMgf0/pn0FHW0+9lJi5gCfRjzk
uZNZSNVSpGDhmFbDwlBzdyw=
=oXVf
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC