Secunia Research: OpenPNE PHP Object Injection Vulnerability
Secunia Research 20/01/2014

OpenPNE PHP Object Injection Vulnerability

Table of Contents

 1) Affected Software
 2) Severity
 3) Vendor's Description of Software
 4) Description of Vulnerability
 5) Solution
 6) Time Table
 7) Credits
 8) References
 9) About Secunia
10) Verification

1) Affected Software

* OpenPNE 3.6.13
* OpenPNE 3.8.9

NOTE: Prior versions may also be affected.

2) Severity

Rating: Highly critical
Impact: System access, Manipulation of data
Where:  From remote

3) Vendor's Description of Software

OpenPNE is a Social Networking Service Engine written in PHP.

Product Link:
http://www.openpne.jp/

4) Description of Vulnerability

Secunia Research has discovered a vulnerability in OpenPNE, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system.

The vulnerability is caused due to the opSecurityUser::getRememberLoginCookie() method defined in the /lib/user/opSecurityUser.class.php script using the unserialize() function with user controlled input. This can be exploited to e.g. delete arbitrary files or execute arbitrary PHP code via specially crafted serialized objects sent in a Cookie header.

5) Solution

Update to version 3.6.13.1 or 3.8.9.1.

6) Time Table

20/11/2013 - Vendor notified.
16/12/2013 - Vendor acknowledges report and states fixed releases planned for January 2014.
27/12/2013 - Vendor creates patches and states fixed releases planned for January 20, 2014.
08/01/2014 - Vulnerability details sent to IPA Security Center.
20/01/2014 - Vendor released fixed versions.
20/01/2014 - Public disclosure.

7) Credits

Discovered by Egidio Romano, Secunia Research.

8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned the CVE-2013-5350 identifier for the vulnerability.

9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2014-1/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
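The bug class described in section 4 of the OpenPNE advisory, as an added example that is not OpenPNE's code and not part of the advisory: a remember-login cookie read with unserialize() beside a form that carries data only and is authenticated before it is parsed. The function names, the cookie layout and the key are assumptions made for illustration.

```php
<?php
// Added illustration; not OpenPNE code. Names and cookie layout are hypothetical.

const REMEMBER_KEY = 'placeholder-server-side-secret'; // constructed placeholder

// Vulnerable pattern: unserialize() on a client-supplied value can instantiate
// any loaded class, so magic methods such as __wakeup() and __destruct() run
// on state the client chose. Shown for contrast; never called below.
function readRememberCookieUnsafe(string $cookie)
{
    return unserialize(base64_decode($cookie));
}

// Hardened writer: JSON payload (plain data, no objects) plus an HMAC-SHA256 tag.
function makeRememberCookie(int $memberId, string $token): string
{
    $payload = base64_encode(json_encode(['id' => $memberId, 'token' => $token]));
    return $payload . '.' . hash_hmac('sha256', $payload, REMEMBER_KEY);
}

// Hardened reader: verify the tag first, decode second, then check field types.
function readRememberCookie(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null; // no tag present
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, REMEMBER_KEY), $mac)) {
        return null; // tampered or forged value
    }
    $data = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($data) || !is_int($data['id'] ?? null)
        || !is_string($data['token'] ?? null)) {
        return null; // unexpected shape
    }
    return ['id' => $data['id'], 'token' => $data['token']];
}

// Constructed sample values: a valid cookie, a modified one, a serialized blob.
$good = makeRememberCookie(42, 'constructed-token');
var_dump(readRememberCookie($good));
var_dump(readRememberCookie($good . 'x'));
var_dump(readRememberCookie(base64_encode(serialize(['id' => 1]))));
```

Where serialized input cannot be replaced, PHP 7 and later accept `unserialize($value, ['allowed_classes' => false])`, which stops object instantiation during decoding.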
[ MDVSA-2014:011 ] java-1.7.0-openjdk
Mandriva Linux Security Advisory                         MDVSA-2014:011
http://www.mandriva.com/en/support/security/

Package : java-1.7.0-openjdk
Date    : January 20, 2014
Affected: Business Server 1.0

Problem Description:

Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk:

An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2013-5907).

Multiple improper permission check issues were discovered in the CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2014-0428, CVE-2014-0422, CVE-2013-5893).

Multiple improper permission check issues were discovered in the Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2014-0373, CVE-2013-5878, CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376, CVE-2014-0368).

It was discovered that the Beans component did not restrict processing of XML external entities. This flaw could cause a Java application using Beans to leak sensitive information, or affect application availability (CVE-2014-0423).

It was discovered that the JSSE component could leak timing information during the TLS/SSL handshake. This could possibly lead to disclosure of information about the used encryption keys (CVE-2014-0411).

The updated packages provide a solution for these security issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://rhn.redhat.com/errata/RHSA-2014-0026.html

Updated Packages:

Mandriva Business Server 1/X86_64:
  mbs1/x86_64/java-1.7.0-openjdk-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/x86_64/java-1.7.0-openjdk-accessibility-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/x86_64/java-1.7.0-openjdk-demo-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/x86_64/java-1.7.0-openjdk-devel-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/x86_64/java-1.7.0-openjdk-headless-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/x86_64/java-1.7.0-openjdk-javadoc-1.7.0.60-2.4.4.1.mbs1.noarch.rpm
  mbs1/x86_64/java-1.7.0-openjdk-src-1.7.0.60-2.4.4.1.mbs1.x86_64.rpm
  mbs1/SRPMS/java-1.7.0-openjdk-1.7.0.60-2.4.4.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[ MDVSA-2014:012 ] nss
Mandriva Linux Security Advisory                         MDVSA-2014:012
http://www.mandriva.com/en/support/security/

Package : nss
Date    : January 20, 2014
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in Mozilla NSS:

The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic (CVE-2013-1740).

The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740

Updated Packages:

Mandriva Enterprise Server 5:
  mes5/i586/libnss3-3.15.4-0.1mdvmes5.2.i586.rpm
  mes5/i586/libnss-devel-3.15.4-0.1mdvmes5.2.i586.rpm
  mes5/i586/libnss-static-devel-3.15.4-0.1mdvmes5.2.i586.rpm
  mes5/i586/nss-3.15.4-0.1mdvmes5.2.i586.rpm
  mes5/i586/nss-doc-3.15.4-0.1mdvmes5.2.i586.rpm
  mes5/SRPMS/nss-3.15.4-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
  mes5/x86_64/lib64nss3-3.15.4-0.1mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64nss-devel-3.15.4-0.1mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64nss-static-devel-3.15.4-0.1mdvmes5.2.x86_64.rpm
  mes5/x86_64/nss-3.15.4-0.1mdvmes5.2.x86_64.rpm
  mes5/x86_64/nss-doc-3.15.4-0.1mdvmes5.2.x86_64.rpm
  mes5/SRPMS/nss-3.15.4-0.1mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
  mbs1/x86_64/lib64nss3-3.15.4-1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64nss-devel-3.15.4-1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64nss-static-devel-3.15.4-1.mbs1.x86_64.rpm
  mbs1/x86_64/nss-3.15.4-1.mbs1.x86_64.rpm
  mbs1/x86_64/nss-doc-3.15.4-1.mbs1.noarch.rpm
  mbs1/SRPMS/nss-3.15.4-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[SECURITY] [DSA 2847-1] drupal7 security update
Debian Security Advisory DSA-2847-1                  secur...@debian.org
http://www.debian.org/security/                     Salvatore Bonaccorso
January 20, 2014                      http://www.debian.org/security/faq

Package        : drupal7
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-1475 CVE-2014-1476

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2014-1475

    Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

CVE-2014-1476

    Matt Vance and Damien Tournoud reported an access bypass vulnerability in the taxonomy module. Under certain circumstances, unpublished content can appear on listing pages provided by the taxonomy module and will be visible to users who should not have permission to see it.

These fixes require extra updates to the database which can be done from the administration pages. Furthermore this update introduces a new security hardening element for the form API. Please refer to the upstream advisory at https://drupal.org/SA-CORE-2014-001 for further information.

For the stable distribution (wheezy), these problems have been fixed in version 7.14-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 7.26-1.

For the unstable distribution (sid), these problems have been fixed in version 7.26-1.

We recommend that you upgrade your drupal7 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[ MDVSA-2014:013 ] libxfont
Mandriva Linux Security Advisory                         MDVSA-2014:013
http://www.mandriva.com/en/support/security/

Package : libxfont
Date    : January 21, 2014
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in libxfont:

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file (CVE-2013-6462).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462

Updated Packages:

Mandriva Enterprise Server 5:
  mes5/i586/libxfont1-1.3.3-1.2mdvmes5.2.i586.rpm
  mes5/i586/libxfont1-devel-1.3.3-1.2mdvmes5.2.i586.rpm
  mes5/i586/libxfont1-static-devel-1.3.3-1.2mdvmes5.2.i586.rpm
  mes5/SRPMS/libxfont-1.3.3-1.2mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
  mes5/x86_64/lib64xfont1-1.3.3-1.2mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64xfont1-devel-1.3.3-1.2mdvmes5.2.x86_64.rpm
  mes5/x86_64/lib64xfont1-static-devel-1.3.3-1.2mdvmes5.2.x86_64.rpm
  mes5/SRPMS/libxfont-1.3.3-1.2mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
  mbs1/x86_64/lib64xfont1-1.4.5-2.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64xfont1-devel-1.4.5-2.1.mbs1.x86_64.rpm
  mbs1/x86_64/lib64xfont1-static-devel-1.4.5-2.1.mbs1.x86_64.rpm
  mbs1/SRPMS/libxfont-1.4.5-2.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com