Ronald Volgers

Name of the Vulnerable Software and Affected Versions: Citrix XenServer versions 7.1 and newer Description: The issue is related to incorrect restriction of a directory path name with limited access. Exploitation of this issue may allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability. The problem is described as a Directory Traversal issue. Recommendations: For Citrix XenServer versions 7.1 and newer, apply the necessary security patches or updates to resolve the Directory Traversal issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Parallels Plesk Panel version 11.0.9 **Description** The issue concerns the suexec implementation, which contains a cgi-wrapper whitelist entry. This allows remote attackers to execute arbitrary PHP code via a request containing crafted environment variables. **Recommendations** For Parallels Plesk Panel version 11.0.9, consider restricting access to the suexec implementation until a patch is available. As a temporary workaround, avoid using crafted environment variables in requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Parallels Plesk Panel version 11.0.9 **Description** The issue is related to an untrusted search path vulnerability in the /usr/local/psa/admin/sbin/wrapper component. This vulnerability allows local users to gain privileges by crafting the PATH environment variable. **Recommendations** For Parallels Plesk Panel version 11.0.9, consider restricting access to the /usr/local/psa/admin/sbin/wrapper component until a patch is available. As a temporary workaround, avoid using the `PATH` environment variable in sensitive operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** memcached versions prior to 1.4.17 **Description** The issue concerns multiple vulnerabilities in the memcached package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, integer overflows in certain versions of memcached can allow remote attackers to execute arbitrary code by exploiting length attributes that trigger heap-based buffer overflows. **Recommendations** For versions prior to 1.4.17, update to version 1.4.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the memcached service to minimize the risk of exploitation. Avoid using the vulnerable memcached package until the issue is resolved by updating to a non-vulnerable version.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.0 through 3.0.36 Samba versions 3.2 through 3.2.14 Samba versions 3.3 through 3.3.7 Samba versions 3.4 through 3.4.1 Samba versions prior to 3.5.15 **Description** The issue concerns multiple vulnerabilities in the Samba software, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a remote attacker who has passed the authentication procedure. The exploitation can result in unauthorized access to sensitive data. **Recommendations** For Samba versions 3.0 through 3.0.36, update to version 3.0.37 or later. For Samba versions 3.2 through 3.2.14, update to version 3.2.15 or later. For Samba versions 3.3 through 3.3.7, update to version 3.3.8 or later. For Samba versions 3.4 through 3.4.1, update to version 3.4.2 or later. For Samba versions prior to 3.5.15, update to version 3.5.15 or later. As a temporary workaround, consider restricting access to the Samba service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** mount-cifs versions 3.0.30 and earlier Samba versions 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 libsmbclient-64bit (affected versions not specified) libsmbclient0-64bit (affected versions not specified) libtalloc1-32bit (affected versions not specified) libtalloc1-64bit (affected versions not specified) libtdb1-64bit (affected versions not specified) libwbclient0-64bit (affected versions not specified) samba-client-64bit (affected versions not specified) samba-pdb (affected versions not specified) samba-python (affected versions not specified) samba-vscan (affected versions not specified) samba-winbind-64bit (affected versions not specified) cifs-mount (affected versions not specified) libsmbclient (affected versions not specified) libsmbclient-x86 (affected versions not specified) libsmbsharemodes (affected versions not specified) libmsrpc (affected versions not specified) libmsrpc-devel (affected versions not specified) samba-64bit (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in various packages of the Samba software and related components, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally or remotely. The exploitation may allow attackers to gain privileges or disrupt the system. Technical details about the exploitation include the possibility of a symlink attack on the mountpoint directory file in the mount.cifs component. **Recommendations** For mount-cifs version 3.0.30 and earlier, update to a version later than 3.0.30. For Samba versions 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5, update to a version later than 3.4.5. For libsmbclient-64bit, libsmbclient0-64bit, libtalloc1-32bit, libtalloc1-64bit, libtdb1-64bit, libwbclient0-64bit, samba-client-64bit, samba-pdb, samba-python, samba-vscan, samba-winbind-64bit, cifs-mount, libsmbclient, libsmbclient-x86, libsmbsharemodes, libmsrpc, libmsrpc-devel, and samba-64bit, update to the latest available version. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.