Palo Alto Networks Fixes Flaws

Tuesday, November 22, 2016 @ 02:11 PM gHale

Palo Alto Networks fixed vulnerabilities in its PAN-OS operating system where an attacker could chain together the issues, gain root privileges and then execute arbitrary code.

Three vulnerabilities ended up reported to Palo Alto Networks by Project Zero Researcher Tavis Ormandy in August.

Cisco Fixes Email Security Appliance
3D Manufacturing Hack Downs Drone
How to Improve ICS Security
DHS Looks to Fund CoE

The most serious of them, rated critical and tracked as CVE-2016-9150, deals with a buffer overflow situation and how the PAN-OS web management server handles it.

In this case, an attacker with network access to the management interface can take advantage of this weakness to execute arbitrary code or cause a denial-of-service (DoS).

Ormandy said PAN-OS uses a modified version of the Appweb 3 embedded web server, which reached end-of-life in 2012 and no longer receives security updates.

While this vulnerability only allows remote code execution as an unprivileged user, Ormandy uncovered two local privilege escalation bugs that could end up leveraged to obtain root permissions. These flaws have the case number: CVE-2016-9151.

“Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges,” the vendor said in its advisory.

The vulnerabilities affect PAN-OS 5.0.19 and earlier, PAN-OS 5.1.12 and earlier, PAN-OS 6.0.14 and earlier, PAN-OS 6.1.14 and earlier, PAN-OS 7.0.10 and earlier, and PAN-OS 7.1.5 and earlier.

Palo Alto addressed the issues last week with the release of PAN-OS versions 5.0.20, 5.1.13, 6.0.15, 6.1.15, 7.0.11 and 7.1.6.

The updates also resolve a post-authentication vulnerability that can allow XPath manipulation, and an OpenSSH flaw. Both of these issues were “low severity.”

Leave a Reply

You must be logged in to post a comment.