Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Vulnerability Details

CVEID: CVE-2014-9679
DESCRIPTION: CUPS is vulnerable to a buffer overflow, caused by an integer overflow in cupsRasterReadPixels. By persuading a victim to open a specially-crafted raster file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101014 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1158
DESCRIPTION: Apple CUPS could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of localized strings. By sending specially crafted strings, an attacker could exploit this vulnerability to cause the admin/conf and admin access control lists to fail and gain elevated privileges on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103852 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1159
DESCRIPTION: Apple CUPS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the templating engine. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim''s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim''s cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103853 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3613
DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95925 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3707
DESCRIPTION: cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service.
CVSS Base Score: 6.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/98562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVEID: CVE-2014-8150
DESCRIPTION: libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100567 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3143
DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102888 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3148
DESCRIPTION: libcurl and cRUL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102878 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-1802
DESCRIPTION: X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadProperties() in the property count when parsing malicious files. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101608 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-1803
DESCRIPTION: X.Org libXfont is vulnerable to a denial of service, caused by an invalid pointer in bdfReadCharacters() when parsing malicious files. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101609 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2015-1804
DESCRIPTION: X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadCharacters() when parsing malicious files. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101610 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)