ESA-2014-102: RSA Security Analytics and RSA NetWitness Security Update for Multiple Embedded Component Vulnerabilities
Tags: RSA NetWitness Platform, Security Advisories
Advisory Type
Security
Advisory Content
EMC Identifier: ESA-2014-102
CVE Identifier:
- CVE-2012-6647
- CVE-2013-1740
- CVE-2013-6378
- CVE-2013-7339
- CVE-2014-0118
- CVE-2014-0191
- CVE-2014-0203
- CVE-2014-0226
- CVE-2014-0231
- CVE-2014-0244
- CVE-2014-0429
- CVE-2014-0446
- CVE-2014-0451
- CVE-2014-0452
- CVE-2014-0453
- CVE-2014-0454
- CVE-2014-0455
- CVE-2014-0456
- CVE-2014-0457
- CVE-2014-0458
- CVE-2014-0459
- CVE-2014-0460
- CVE-2014-0461
- CVE-2014-0475
- CVE-2014-1490
- CVE-2014-1491
- CVE-2014-1492
- CVE-2014-1544
- CVE-2014-1545
- CVE-2014-1737
- CVE-2014-1738
- CVE-2014-1874
- CVE-2014-1876
- CVE-2014-2039
- CVE-2014-2397
- CVE-2014-2398
- CVE-2014-2402
- CVE-2014-2403
- CVE-2014-2412
- CVE-2014-2413
- CVE-2014-2414
- CVE-2014-2421
- CVE-2014-2423
- CVE-2014-2427
- CVE-2014-2483
- CVE-2014-2490
- CVE-2014-2672
- CVE-2014-2678
- CVE-2014-2706
- CVE-2014-2851
- CVE-2014-3144
- CVE-2014-3145
- CVE-2014-3153
- CVE-2014-3493
- CVE-2014-3505
- CVE-2014-3506
- CVE-2014-3507
- CVE-2014-3508
- CVE-2014-3509
- CVE-2014-3510
- CVE-2014-3511
- CVE-2014-4209
- CVE-2014-4216
- CVE-2014-4218
- CVE-2014-4219
- CVE-2014-4221
- CVE-2014-4223
- CVE-2014-4244
- CVE-2014-4252
- CVE-2014-4262
- CVE-2014-4263
- CVE-2014-4266
- CVE-2014-4699
- CVE-2014-4943
- CVE-2014-5119
Severity Rating: CVSS v2 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE
Affected products:
- RSA Security Analytics 10.3.x
- RSA Security Analytics 10.2.x
- RSA Security Analytics 10.1.x
- RSA Security Analytics 10.0.x
- RSA NetWitness 9.8.x
- RSA NetWitness 9.7.x
- RSA NetWitness 9.6.x
Summary:
Multiple embedded components within RSA Security Analytics and RSA NetWitness require a security update to address various vulnerabilities.
Details:
Multiple embedded components are updated for the following vulnerabilities:
Embedded components of CentOS:
- Kernel: CVE-2014-3153, CVE-2014-1737, CVE-2014-4699, CVE-2014-4943
- Nss: CVE-2014-1544, CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1545, CVE-2014-1492
- Httpd: CVE-2014-0226, CVE-2014-0118, CVE-2014-0231
- Samba: CVE-2014-3560
OpenSSL:
- Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
- Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
- Double Free when processing DTLS packets (CVE-2014-3505)
- DTLS memory exhaustion (CVE-2014-3506)
- DTLS memory leak from zero-length fragments (CVE-2014-3507)
- OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
- OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
- SRP buffer overrun (CVE-2014-3512)
For more information about these vulnerabilities, please see the original OpenSSL advisory: https://www.openssl.org/news/secadv_20140806.txt
Java:
- Please refer to the vendor advisory https://rhn.redhat.com/errata/RHSA-2014-0889.html for the CVEs related to Oracle Java.
Resolution:
The following RSA Security Analytics and RSA NetWitness release contains resolutions to these issues:
- RSA Security Analytics Q3 2014 Security Update
RSA strongly recommends all customers upgrade at the earliest opportunity.