ID de Prueba:	1.3.6.1.4.1.25623.1.0.105722
Categoría:	Web application abuses
Título:	Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version (SYM16-007)
Resumen:	Symantec Messaging Gateway (SMG) Appliance management console; is susceptible to potential unauthorized loss of privileged information due to an inadvertent; static link of an updated component library to a version of SSL susceptible to the Heartbleed; vulnerability (CVE-2014-0160).
Descripción:	Summary: Symantec Messaging Gateway (SMG) Appliance management console is susceptible to potential unauthorized loss of privileged information due to an inadvertent static link of an updated component library to a version of SSL susceptible to the Heartbleed vulnerability (CVE-2014-0160). Vulnerability Insight: Symantec became aware of a recently updated ACE library shipped in SMG 10.6.x that was statically linked inadvertently to a version of SSL susceptible to CVE-2014-0160, Heartbleed vice dynamically linked to the non-vulnerable SSL version in the shipping OS of the Appliance. Affected Software/OS: Symantec Messaging Gateway version 10.x, 10.6.1 and prior. Solution: Update to version 10.6.1-3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0160 BugTraq ID: 66690 http://www.securityfocus.com/bid/66690 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Cert/CC Advisory: TA14-098A http://www.us-cert.gov/ncas/alerts/TA14-098A CERT/CC vulnerability note: VU#720951 http://www.kb.cert.org/vuls/id/720951 Cisco Security Advisory: 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed Debian Security Information: DSA-2896 (Google Search) http://www.debian.org/security/2014/dsa-2896 http://www.exploit-db.com/exploits/32745 http://www.exploit-db.com/exploits/32764 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://seclists.org/fulldisclosure/2014/Apr/91 http://seclists.org/fulldisclosure/2014/Apr/90 http://seclists.org/fulldisclosure/2014/Apr/109 http://seclists.org/fulldisclosure/2014/Apr/173 http://seclists.org/fulldisclosure/2014/Apr/190 http://seclists.org/fulldisclosure/2014/Dec/23 HPdes Security Advisory: HPSBGN03008 http://marc.info/?l=bugtraq&m=139774054614965&w=2 HPdes Security Advisory: HPSBGN03010 http://marc.info/?l=bugtraq&m=139774703817488&w=2 HPdes Security Advisory: HPSBGN03011 http://marc.info/?l=bugtraq&m=139833395230364&w=2 HPdes Security Advisory: HPSBHF03021 http://marc.info/?l=bugtraq&m=139835815211508&w=2 HPdes Security Advisory: HPSBHF03136 http://marc.info/?l=bugtraq&m=141287864628122&w=2 HPdes Security Advisory: HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPdes Security Advisory: HPSBMU02994 http://marc.info/?l=bugtraq&m=139757726426985&w=2 HPdes Security Advisory: HPSBMU02995 http://marc.info/?l=bugtraq&m=139722163017074&w=2 HPdes Security Advisory: HPSBMU02997 http://marc.info/?l=bugtraq&m=139757919027752&w=2 HPdes Security Advisory: HPSBMU02998 http://marc.info/?l=bugtraq&m=139757819327350&w=2 HPdes Security Advisory: HPSBMU02999 http://marc.info/?l=bugtraq&m=139765756720506&w=2 HPdes Security Advisory: HPSBMU03009 http://marc.info/?l=bugtraq&m=139905458328378&w=2 HPdes Security Advisory: HPSBMU03012 http://marc.info/?l=bugtraq&m=139808058921905&w=2 HPdes Security Advisory: HPSBMU03013 http://marc.info/?l=bugtraq&m=139824993005633&w=2 HPdes Security Advisory: HPSBMU03017 http://marc.info/?l=bugtraq&m=139817727317190&w=2 HPdes Security Advisory: HPSBMU03018 http://marc.info/?l=bugtraq&m=139817782017443&w=2 HPdes Security Advisory: HPSBMU03019 http://marc.info/?l=bugtraq&m=139817685517037&w=2 HPdes Security Advisory: HPSBMU03020 http://marc.info/?l=bugtraq&m=139836085512508&w=2 HPdes Security Advisory: HPSBMU03022 http://marc.info/?l=bugtraq&m=139869891830365&w=2 HPdes Security Advisory: HPSBMU03023 http://marc.info/?l=bugtraq&m=139843768401936&w=2 HPdes Security Advisory: HPSBMU03024 http://marc.info/?l=bugtraq&m=139889113431619&w=2 HPdes Security Advisory: HPSBMU03025 http://marc.info/?l=bugtraq&m=139869720529462&w=2 HPdes Security Advisory: HPSBMU03028 http://marc.info/?l=bugtraq&m=139905243827825&w=2 HPdes Security Advisory: HPSBMU03029 http://marc.info/?l=bugtraq&m=139905202427693&w=2 HPdes Security Advisory: HPSBMU03030 http://marc.info/?l=bugtraq&m=139905351928096&w=2 HPdes Security Advisory: HPSBMU03032 http://marc.info/?l=bugtraq&m=139905405728262&w=2 HPdes Security Advisory: HPSBMU03033 http://marc.info/?l=bugtraq&m=139905295427946&w=2 HPdes Security Advisory: HPSBMU03037 http://marc.info/?l=bugtraq&m=140724451518351&w=2 HPdes Security Advisory: HPSBMU03040 http://marc.info/?l=bugtraq&m=140015787404650&w=2 HPdes Security Advisory: HPSBMU03044 http://marc.info/?l=bugtraq&m=140075368411126&w=2 HPdes Security Advisory: HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPdes Security Advisory: HPSBPI03014 http://marc.info/?l=bugtraq&m=139835844111589&w=2 HPdes Security Advisory: HPSBPI03031 http://marc.info/?l=bugtraq&m=139889295732144&w=2 HPdes Security Advisory: HPSBST03000 https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken HPdes Security Advisory: HPSBST03001 http://marc.info/?l=bugtraq&m=139758572430452&w=2 HPdes Security Advisory: HPSBST03004 http://marc.info/?l=bugtraq&m=139905653828999&w=2 HPdes Security Advisory: HPSBST03015 http://marc.info/?l=bugtraq&m=139824923705461&w=2 HPdes Security Advisory: HPSBST03016 http://marc.info/?l=bugtraq&m=139842151128341&w=2 HPdes Security Advisory: HPSBST03027 http://marc.info/?l=bugtraq&m=139905868529690&w=2 HPdes Security Advisory: SSRT101846 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ http://heartbleed.com/ https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 https://gist.github.com/chapmajs/10473815 https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html https://www.cert.fi/en/reports/2014/vulnerability788210.html https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E RedHat Security Advisories: RHSA-2014:0376 http://rhn.redhat.com/errata/RHSA-2014-0376.html RedHat Security Advisories: RHSA-2014:0377 http://rhn.redhat.com/errata/RHSA-2014-0377.html RedHat Security Advisories: RHSA-2014:0378 http://rhn.redhat.com/errata/RHSA-2014-0378.html RedHat Security Advisories: RHSA-2014:0396 http://rhn.redhat.com/errata/RHSA-2014-0396.html http://www.securitytracker.com/id/1030026 http://www.securitytracker.com/id/1030074 http://www.securitytracker.com/id/1030077 http://www.securitytracker.com/id/1030078 http://www.securitytracker.com/id/1030079 http://www.securitytracker.com/id/1030080 http://www.securitytracker.com/id/1030081 http://www.securitytracker.com/id/1030082 http://secunia.com/advisories/57347 http://secunia.com/advisories/57483 http://secunia.com/advisories/57721 http://secunia.com/advisories/57836 http://secunia.com/advisories/57966 http://secunia.com/advisories/57968 http://secunia.com/advisories/59139 http://secunia.com/advisories/59243 http://secunia.com/advisories/59347 SuSE Security Announcement: SUSE-SA:2014:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html SuSE Security Announcement: openSUSE-SU-2014:0492 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html SuSE Security Announcement: openSUSE-SU-2014:0560 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html http://www.ubuntu.com/usn/USN-2165-1
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.