lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 22 Jul 2016 21:42:16 +0000
From: "Kotas, Kevin J" <Kevin.Kotas@...com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: CA20160721-01: Security Notice for CA eHealth

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA technologies assigned a High risk rating
to these vulnerabilities. CA has a solution available.

Risk Rating

CVE Identifier
Risk
Vulnerable Releases

CVE-2016-6151
High
6.2.x

CVE-2016-6152
High
6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x

Platform(s)

All

Affected Products

CA eHealth 6.2.x, 6.3.0.x, 6.3.1.x, 6.3.2.x

How to determine if the installation is affected

Customers may check the build number by running the nhShowRev
command

If the installed product Fix build is less than the release in the below
table, the installation is vulnerable.

Product release
Fix build

CA eHealth 6.2.x, 6.3.x
6.3.2.13

Solution

For all releases of CA eHealth, update to version 6.3.2.13 or later to
resolve these vulnerabilities.

References

CVE-2016-6151 - CA eHealth 6.2.x remote denial of service/command
execution
CVE-2016-6152 - CA eHealth 6.2.x, 6.3.x remote denial of
service/command execution

Acknowledgement

CVE-2016-6151, CVE-2016-6152 - Ben Lincoln, NCC Group

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2016 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsFVAwUBV5JY3Tuotw2cX+zOAQoYbg/+JfDwXxV6pCZiGpOBpK4aXRRPwnmFIXk7
ra+MW1S1fLwz7uay+rgDWhlgzi1zzOjtNacQguQECCUa1YfSRSQnqaaF0zDv6YV7
lMDd4bfHTn8nyj1s17rhSq0X5bSFc0JmpJ4yqrTvu9fX6UmfThxHObGAnKxBVBdJ
Mt7ew1HmiKzxiTmcb59s6FbohyzXm2zDN0SYrGOZNLjnYJ4TR4GiKJ6laaFcPban
uu0HnvguZAwNLe2uxyn3E4b1726O7xGRUhi99l69unMmRATARoqMJOYqxinbllXW
enAmwS8DJ5DrnKQu5En5yx2STHTr50oFfuaAS18H1mIQyDxxD+w8me9eK6iWMlOZ
pzKZHhQ7w0snWMkF14ky7Nev9hddO/q95oowRDLYGDxEMVI99Dt+bCBMWkOZ8NWu
QO8SzIsPiVCvNGimy7+XDxOCdZ/VlgN2UHT7Dc3FkOdvuMp9/tCekKPXs/LCV7HW
irIEu1nIglEVXY7uhpMv58eUUPh0TY9iuOaru8u1V8iH1f4YEikC5I8xJw9X824z
pJdHHk8ef+ERuLkI1zFM2jm+6M4nAmF3ZBWiRmLg9bJlaixlWPB+4Yp3uobzVG/4
wqEKyXtk+DUDru1SGGAwphonQJeleCygQfqgEDRvNvuJMqdpsFSfY7lzXaHPj5Ce
oCa4qmGItmw=
=KcjQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ