Vulnerability Weekly Report: December 5, 2016

Original: Vulnerability Summary for the Week of December 5, 2016

Translator's note: this is the official US vulnerability database weekly bulletin, updated every week; historical list

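The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities recorded during the past week by NIST (National Institute of Standards and Technology) and the NVD (National Vulnerability Database). The NVD is sponsored by DHS (Department of Homeland Security) and NCCIC (National Cybersecurity and Communications Integration Center)/US-CERT (United States Computer Emergency Readiness Team). For modified or updated entries, please visit the NVD directly, which contains historical vulnerability information.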

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

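Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in this bulletin is compiled from external, open-source reports and is not a direct result of US-CERT analysis.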

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| alcatel-lucent -- omnivista_8770_network_management_system | Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | 2016-12-03 | 10.0 | CVE-2016-9796; MISC, BID, MISC, MISC |
| google -- android | arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | 2016-12-08 | 9.3 | CVE-2015-8967; CONFIRM, CONFIRM, BID, CONFIRM |
| google -- android | The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | 2016-12-06 | 7.1 | CVE-2016-5341; CONFIRM, BID, MISC |
| intel -- wireless_bluetooth_drivers | Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | 2016-12-08 | 7.2 | CVE-2016-8102; CONFIRM |
| joomla -- joomla! | The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. | 2016-12-05 | 7.5 | CVE-2016-9836; BID, MISC |
| linux -- linux_kernel | arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. | 2016-12-08 | 7.2 | CVE-2015-8966; CONFIRM, BID, CONFIRM, CONFIRM |
| linux -- linux_kernel | Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | 2016-12-08 | 7.2 | CVE-2016-8655; CONFIRM, MLIST, BID, CONFIRM, CONFIRM |
| linux -- linux_kernel | Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. | 2016-12-08 | 9.3 | CVE-2016-9120; CONFIRM, CONFIRM, BID, CONFIRM |
| linux -- linux_kernel | The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | 2016-12-08 | 7.8 | CVE-2016-9919; CONFIRM, MLIST, CONFIRM |
| siemens -- sicam_pas | A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 2016-12-05 | 7.5 | CVE-2016-9156; BID, CONFIRM |
| siemens -- sicam_pas | A vulnerability in Siemens SICAM PAS (all versions including V8.08) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets sent to port 19234/TCP. | 2016-12-05 | 7.5 | CVE-2016-9157; BID, CONFIRM |
| zikula -- zikula_application_framework | Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | 2016-12-05 | 7.5 | CVE-2016-9835; CONFIRM, CONFIRM, CONFIRM |