Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-377)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120576

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2014-377)

Zusammenfassung: The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the ALAS-2014-377 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the ALAS-2014-377 advisory.

Vulnerability Insight:
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.

XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity (XXE) attacks.

Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework.

Moreover, the Consumer accepts OpenID tokens with arbitrary signed elements. The framework does not check if, for example, both openid.claimed_id and openid.endpoint_url are signed. It is just sufficient to sign one parameter. According to [link moved to references] at least op_endpoint, return_to, response_nonce, assoc_handle, and, if present in the response, claimed_id and identity, must be signed.

Affected Software/OS:
'php-ZendFramework' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-2681
BugTraq ID: 66358
http://www.securityfocus.com/bid/66358
Debian Security Information: DSA-3265 (Google Search)
http://www.debian.org/security/2015/dsa-3265
http://www.mandriva.com/security/advisories?name=MDVSA-2014:072
http://seclists.org/oss-sec/2014/q2/0
Common Vulnerability Exposure (CVE) ID: CVE-2014-2682
Common Vulnerability Exposure (CVE) ID: CVE-2014-2683
Common Vulnerability Exposure (CVE) ID: CVE-2014-2684
Common Vulnerability Exposure (CVE) ID: CVE-2014-2685

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120576
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2014-377)
Zusammenfassung:	The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the ALAS-2014-377 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'php-ZendFramework' package(s) announced via the ALAS-2014-377 advisory. Vulnerability Insight: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity (XXE) attacks. Using the Consumer component of ZendOpenId (or Zend_OpenId in ZF1), it is possible to login using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means OpenID it is possible to login using arbitrary OpenID Identity (MyOpenID, Google, etc), which are not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework. Moreover, the Consumer accepts OpenID tokens with arbitrary signed elements. The framework does not check if, for example, both openid.claimed_id and openid.endpoint_url are signed. It is just sufficient to sign one parameter. According to [link moved to references] at least op_endpoint, return_to, response_nonce, assoc_handle, and, if present in the response, claimed_id and identity, must be signed. Affected Software/OS: 'php-ZendFramework' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2681 BugTraq ID: 66358 http://www.securityfocus.com/bid/66358 Debian Security Information: DSA-3265 (Google Search) http://www.debian.org/security/2015/dsa-3265 http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://seclists.org/oss-sec/2014/q2/0 Common Vulnerability Exposure (CVE) ID: CVE-2014-2682 Common Vulnerability Exposure (CVE) ID: CVE-2014-2683 Common Vulnerability Exposure (CVE) ID: CVE-2014-2684 Common Vulnerability Exposure (CVE) ID: CVE-2014-2685
Copyright	Copyright (C) 2015 Greenbone AG