[oss-security] 20160420 various vulnerabilities in Node.js packages

96434

https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/

https://www.tenable.com/security/tns-2016-18

The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 4.8.1. It is, therefore, affected by the following vulnerabilities :

  - Multiple cross-site scripting (XSS) vulnerabilities     exist in the Handlebars library in the     lib/handlebars/utils.js script due to a failure to     properly escape input passed as unquoted attributes to     templates. An unauthenticated, remote attacker can     exploit these vulnerabilities, via a specially crafted     request, to execute arbitrary script code in a user's     browser session. (CVE-2015-8861, CVE-2015-8862)

  - A heap-based buffer overflow condition exists in the     Perl-Compatible Regular Expressions (PCRE) component     that is triggered when processing nested back references     in a duplicate named group. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1283)

  - An out-of-bounds read error exists in the libxml2     component in parserInternals.c due to improper parsing     of characters in an XML file. An unauthenticated, remote     attacker can exploit this to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-1833)

  - An overflow condition exists in the libxml2 component in     xmlstring.c due to improper validation of user-supplied     input when handling a string with NULL. An     unauthenticated, remote attacker can exploit this, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1834)

  - Multiple use-after-free errors exist in the libxml2     component in parser.c that is triggered when parsing     complex names. An unauthenticated, remote attacker can     exploit these issues, via a specially crafted file, to     dereference already freed memory and potentially execute     arbitrary code. (CVE-2016-1835, CVE-2016-1836)

  - Multiple heap-based buffer overflow conditions exist in     the libxml2 component in HTMLparser.c and xmlregexp.c     due to improper validation of user-supplied input when     parsing characters in a range. An unauthenticated,     remote attacker can exploit these issues, via a     specially crafted file, to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)

  - Multiple out-of-bounds read errors exist in the libxml2     component in parser.c. An unauthenticated, remote     attacker can exploit these issues to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-1838, CVE-2016-4447)

  - A heap buffer overflow condition exists in the OpenSSL     component in the EVP_EncodeUpdate() function within file     crypto/evp/encode.c that is triggered when handling a     large amount of input data. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition. (CVE-2016-2105)

  - A heap buffer overflow condition exists in the OpenSSL     component in the EVP_EncryptUpdate() function within     file crypto/evp/evp_enc.c that is triggered when     handling a large amount of input data after a previous     call occurs to the same function with a partial block.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2016-2106)

  - Flaws exist in the aesni_cbc_hmac_sha1_cipher()     function in file crypto/evp/e_aes_cbc_hmac_sha1.c and     the aesni_cbc_hmac_sha256_cipher() function in file     crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered     when the connection uses an AES-CBC cipher and AES-NI     is supported by the server. A man-in-the-middle attacker     can exploit these to conduct a padding oracle attack,     resulting in the ability to decrypt the network traffic.
    (CVE-2016-2107)

  - A remote code execution vulnerability exists in the     OpenSSL component in the ASN.1 encoder due to an     underflow condition that occurs when attempting to     encode the value zero represented as a negative integer.
    An unauthenticated, remote attacker can exploit this to     corrupt memory, resulting in the execution of arbitrary     code. (CVE-2016-2108)

  - Multiple unspecified flaws exist in the d2i BIO     functions when reading ASN.1 data from a BIO due to     invalid encoding causing a large allocation of memory.
    An unauthenticated, remote attacker can exploit these to     cause a denial of service condition through resource     exhaustion. (CVE-2016-2109)

  - An out-of-bounds read error exists in the     X509_NAME_oneline() function within file     crypto/x509/x509_obj.c when handling very long ASN1     strings. An unauthenticated, remote attacker can exploit     this to disclose the contents of stack memory.
    (CVE-2016-2176)

  - An overflow condition exists in the Perl-Compatible     Regular Expressions (PCRE) component due to improper     validation of user-supplied input when handling the     (*ACCEPT) verb. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2016-3191)

  - A flaw exists in the libxml2 component in parser.c that     occurs when handling XML content in recovery mode. An     unauthenticated, remote attacker can exploit this to     cause a stack exhaustion, resulting in a denial of     service condition. (CVE-2016-3627)

  - A flaw exists in the libxml2 component in parser.c due     to improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this to     cause a stack exhaustion, resulting in a denial of     service condition. (CVE-2016-3705)

  - A format string flaw exists in the libxml2 component due     to improper use of string format specifiers (e.g. %s and     %x). An unauthenticated, remote attacker can exploit     this to cause a denial of service condition or the     execution of arbitrary code. (CVE-2016-4448)

  - An XML external entity injection vulnerability exists in     parser.c due to improper parsing of XML data. An     unauthenticated, remote attacker can exploit this, via     specially crafted XML data, to disclose arbitrary files     or cause a denial of service condition. (CVE-2016-4449)

  - An out-of-bounds read error exists in the libxml2     component in xmlsave.c that occurs when handling XML     content in recovery mode. An unauthenticated, remote     attacker can exploit this to disclose sensitive     information or cause a denial of service condition.
    (CVE-2016-4483)

  - A security bypass vulnerability exists in the libcurl     component due to the program attempting to resume TLS     sessions even if the client certificate fails. An     unauthenticated, remote attacker can exploit this to     bypass validation mechanisms. (CVE-2016-5419)

  - An information disclosure vulnerability exists in the     libcurl component due to the program reusing TLS     connections with different client certificates. An     unauthenticated, remote attacker can exploit this to     disclose sensitive cross-realm information.
    (CVE-2016-5420)

  - A use-after-free error exists in the libcurl component     that is triggered as connection pointers are not     properly cleared for easy handles. An unauthenticated,     remote attacker can exploit this to dereference already     freed memory, potentially resulting in the execution of     arbitrary code. (CVE-2016-5421)

  - Multiple stored cross-site scripting (XSS)   	vulnerabilities exist due to improper validation of   	user-supplied input. An authenticated, remote attacker   	can exploit these, via a specially crafted request, to   	execute arbitrary script code in a user's browsers   	session. (CVE-2016-9261)

CVE-2015-8861

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical