News
Vigil@nce - EMC Unisphere Central: multiple vulnerabilities
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of EMC Unisphere
Central.
Impacted products: Unisphere EMC
Severity: 2/4
Creation date: 28/01/2015
Revision date: 30/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in EMC Unisphere Central.
They are related to the following embedded components:
– PostgreSQL (CVE-2013-1899, CVE-2013-1900, CVE-2013-1901,
CVE-2013-1902, VIGILANCE-VUL-12607, VIGILANCE-VUL-12606)
– Apache Tomcat (CVE-2012-5885, VIGILANCE-VUL-12113)
– SSL3.0/TLS1.0 (CVE-2011-3389, VIGILANCE-VUL-11014)
– SUSE Kernel (CVE-2013-1767, CVE-2012-2137, CVE-2012-6548,
CVE-2013-1797, CVE-2013-0231,CVE-2013-1774, CVE-2013-1848,
CVE-2013-0311, CVE-2013-2634, CVE-2013-0268, CVE-2013-0913,
CVE-2013-1772, CVE-2013-0216, CVE-2013-1792, CVE-2012-6549,
CVE-2013-2635, CVE-2013-0914, CVE-2013-1796, CVE-2013-0160,
CVE-2013-1860, CVE-2013-0349, CVE-2013-1798,
VIGILANCE-VUL-11014, VIGILANCE-VUL-12462, VIGILANCE-VUL-11721,
VIGILANCE-VUL-12488, VIGILANCE-VUL-12547, VIGILANCE-VUL-12380,
VIGILANCE-VUL-12470, VIGILANCE-VUL-12546, VIGILANCE-VUL-12441,
VIGILANCE-VUL-12545, VIGILANCE-VUL-12389, VIGILANCE-VUL-12499,
VIGILANCE-VUL-12382, VIGILANCE-VUL-12379, VIGILANCE-VUL-12491,
VIGILANCE-VUL-12500, VIGILANCE-VUL-12287, VIGILANCE-VUL-12528,
VIGILANCE-VUL-12454)
– Libgcrypt (CVE-2013-4242, VIGILANCE-VUL-13167)
– cURL/libcURL (CVE-2014-0138, CVE-2014-0139, CVE-2014-0015,
CVE-2014-3613, CVE-2014-3620, VIGILANCE-VUL-14473,
VIGILANCE-VUL-14474, VIGILANCE-VUL-14151, VIGILANCE-VUL-15326)
– OpenSSL (CVE-2010-5298, CVE-2014-0076, CVE-2014-0195,
CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470,
CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139,
CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566,
VIGILANCE-VUL-14585, VIGILANCE-VUL-14462, VIGILANCE-VUL-14846,
VIGILANCE-VUL-14690, VIGILANCE-VUL-14845, VIGILANCE-VUL-14844,
VIGILANCE-VUL-14847, VIGILANCE-VUL-15130, VIGILANCE-VUL-15489,
VIGILANCE-VUL-15490, VIGILANCE-VUL-15491, VIGILANCE-VUL-15485)
– GNU Privacy Guard (GPG2) (CVE-2012-6085, VIGILANCE-VUL-12275)
– Java Runtime Environment (CVE-2014-2403, CVE-2014-0446,
CVE-2014-0457, CVE-2014-0453, CVE-2014-2412, CVE-2014-2398,
CVE-2014-0458, CVE-2014-2397, CVE-2014-0460, CVE-2014-0429,
CVE-2014-2428, CVE-2014-2423, CVE-2014-2420, CVE-2014-0448,
CVE-2014-0459, CVE-2014-2427, CVE-2014-2414, CVE-2014-0461,
CVE-2014-0454, CVE-2014-2422, CVE-2014-0464, CVE-2014-2401,
CVE-2014-0456, CVE-2014-0455, CVE-2014-0451, CVE-2014-0449,
CVE-2014-0432, CVE-2014-0463, CVE-2014-2410, CVE-2014-2413,
CVE-2014-2421, CVE-2014-2409, CVE-2014-2402, CVE-2014-0452,
CVE-2014-4220, CVE-2014-2490, CVE-2014-4266, CVE-2014-4219,
CVE-2014-2483, CVE-2014-4263, CVE-2014-4264, CVE-2014-4268,
CVE-2014-4252, CVE-2014-4223, CVE-2014-4247, CVE-2014-4218,
CVE-2014-4221, CVE-2014-4262, CVE-2014-4227, CVE-2014-4208,
CVE-2014-4209, CVE-2014-4265, CVE-2014-4244, CVE-2014-4216,
VIGILANCE-VUL-14599, VIGILANCE-VUL-15051)
– OpenSSH (CVE-2010-5107, VIGILANCE-VUL-11256)
– Network Security Services (NSS) (CVE-2014-1545, CVE-2014-1541,
CVE-2014-1534, CVE-2014-1533, CVE-2014-1536, CVE-2014-1537,
CVE-2014-1538, VIGILANCE-VUL-14869, VIGILANCE-VUL-14870)
– Xorg-X11 (CVE-2013-2005, CVE-2013-2002, VIGILANCE-VUL-12858)
– GnuTLS (CVE-2014-0092, VIGILANCE-VUL-14349)
– Pango (CVE-2011-0020, CVE-2011-0064)
– D-Bus (CVE-2014-3638,CVE-2014-3639, VIGILANCE-VUL-15358)
– Perl (CVE-2014-4330, VIGILANCE-VUL-15412)
An attacker can also deceive the user, in order to redirect him to
a malicious site (CVE-2015-0512).
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/EMC-Unisphere-Central-multiple-vulnerabilities-16070
