FreeBSD Security Advisory FreeBSD-SA-15:22.openssh
FreeBSD-SA-15:22.openssh Security Advisory
The FreeBSD Project

Topic:      OpenSSH multiple vulnerabilities
Category:   contrib
Module:     openssh
Announced:  2015-08-25
Affects:    All supported versions of FreeBSD.
Corrected:  2015-08-25 20:48:44 UTC (stable/10, 10.2-STABLE)
            2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
            2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
            2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
            2015-08-25 20:48:44 UTC (stable/9, 9.3-STABLE)
            2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <https://security.FreeBSD.org/>.

I. Background

OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access.

The PAM (Pluggable Authentication Modules) library provides a flexible framework for user authentication and session setup / teardown. The default FreeBSD OpenSSH configuration has PAM interactive authentication enabled.

Privilege separation is a technique in which a program is divided into multiple cooperating processes, each with a different task, where each process is limited to the specific privileges required to perform that specific task, while the privileged parent process acts as an arbiter.

II. Problem Description

A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process.

A use-after-free error in the privileged monitor process of the sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process.

A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.

III. Impact

The first bug may allow a remote attacker who a) has already succeeded by other means in compromising the unprivileged pre-authentication child process and b) has valid credentials to one user on the target system to impersonate a different user.

The second bug may allow a remote attacker who has already succeeded by other means in compromising the unprivileged pre-authentication child process to bypass PAM authentication entirely.

The third bug is not exploitable, but can cause premature termination of a multiplexed ssh connection.

IV. Workaround

No workaround is available, but systems where ssh(1) and sshd(8) are not used are not vulnerable.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

The sshd(8) service has to be restarted after the update. A reboot is recommended but not required.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

The sshd(8) service has to be restarted after the update. A reboot is recommended but not required.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch
    # fetch https://security.FreeBSD.org/patches/SA-15:22/openssh.patch.asc
    # gpg --verify openssh.patch.asc

b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in <https://www.FreeBSD.org/handbook/makeworld.html>.

Restart the sshd(8) daemon, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

    Branch/path     Revision
    ------------------------
    stable/9/       r287144
    releng/9.3/     r287147
    stable/10/      r287144
    releng/10.1/    r287146
    releng/10.2/    r287145
    ------------------------
FreeBSD Security Advisory FreeBSD-SA-15:21.amd64
FreeBSD-SA-15:21.amd64 Security Advisory
The FreeBSD Project

Topic:      Local privilege escalation in IRET handler
Category:   core
Module:     sys_amd64
Announced:  2015-08-25
Credits:    Konstantin Belousov, Andrew Lutomirski
Affects:    FreeBSD 9.3 and FreeBSD 10.1
Corrected:  2015-03-31 00:59:30 UTC (stable/10, 10.1-STABLE)
            2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
            2015-03-31 01:08:51 UTC (stable/9, 9.3-STABLE)
            2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
CVE Name:   CVE-2015-5675

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <https://security.FreeBSD.org/>.

I. Background

FreeBSD/amd64 is commonly used on 64-bit systems with AMD and Intel CPUs. The GS segment CPU register is used by both user processes and the kernel to conveniently access state data: 32-bit user processes use the register to manage per-thread data, while the kernel uses it to access per-processor data.

The return from interrupt (IRET) instruction returns program control from an interrupt handler to the interrupted context.

II. Problem Description

If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler.

III. Impact

By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

    # freebsd-update fetch
    # freebsd-update install

And reboot the system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    # fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch
    # fetch https://security.FreeBSD.org/patches/SA-15:21/amd64.patch.asc
    # gpg --verify amd64.patch.asc

b) Apply the patch. Execute the following commands as root:

    # cd /usr/src
    # patch < /path/to/patch

c) Recompile your kernel as described in <https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

    Branch/path     Revision
    ------------------------
    stable/9/       r280877
    releng/9.3/     r287147
    stable/10/      r280875
    releng/10.1/    r287146
    ------------------------

To see which files were modified by a particular revision, run the following command, replacing NN with the revision number, on a machine with Subversion installed:

    # svn diff -cNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NN with the revision number:

<https://svnweb.freebsd.org/base?view=revision&revision=NN>

VII. References

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5675>

The latest revision of this advisory is available at <https://security.FreeBSD.org/advisories/FreeBSD-SA-15:21.amd64.asc>
RE: [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities
And all HP servers updated.

-----Original Message-----
From: security-al...@hp.com [mailto:security-al...@hp.com]
Sent: Monday, August 24, 2015 10:06 PM
To: bugtraq@securityfocus.com
Subject: [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04765169

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04765169
Version: 1

HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-18
Last Updated: 2015-08-18

Potential Security Impact: Remote Denial of Service (DoS), unauthorized modification, unauthorized access, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information.

References:

    CVE-2014-3569 - Remote Denial of Service (DoS)
    CVE-2014-3570 - Remote Disclosure of Information
    CVE-2014-3571 - Remote Denial of Service (DoS)
    CVE-2014-3572 - Remote Disclosure of Information
    CVE-2014-8275 - Remote Unauthorized Modification
    CVE-2015-0204 - Remote Disclosure of Information
    CVE-2015-0205 - Remote Unauthorized Access
    CVE-2015-0206 - Remote Denial of Service (DoS)
    CVE-2015-0207 - Remote Denial of Service (DoS)
    CVE-2015-0208 - Remote Denial of Service (DoS)
    CVE-2015-0209 - Remote Denial of Service (DoS)
    CVE-2015-0285 - Remote Disclosure of Information
    CVE-2015-0286 - Remote Denial of Service (DoS)
    CVE-2015-0287 - Remote Denial of Service (DoS)
    CVE-2015-0288 - Remote Denial of Service (DoS)
    CVE-2015-0289 - Remote Denial of Service (DoS)
    CVE-2015-0290 - Remote Denial of Service (DoS)
    CVE-2015-0291 - Remote Denial of Service (DoS)
    CVE-2015-0292 - Remote Denial of Service (DoS)
    CVE-2015-0293 - Remote Denial of Service (DoS)
    CVE-2015-1787 - Remote Denial of Service (DoS)
    SSRT102192

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Version Control Agent (VCA) prior to version 7.3.5

BACKGROUND

CVSS 2.0 Base Metrics

    Reference       Base Vector                      Base Score
    CVE-2014-3569   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2014-3570   (AV:N/AC:L/Au:N/C:P/I:N/A:N)     5.0
    CVE-2014-3571   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2014-3572   (AV:N/AC:L/Au:N/C:N/I:P/A:N)     5.0
    CVE-2014-8275   (AV:N/AC:L/Au:N/C:N/I:P/A:N)     5.0
    CVE-2015-0204   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
    CVE-2015-0205   (AV:N/AC:L/Au:N/C:N/I:P/A:N)     5.0
    CVE-2015-0206   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0207   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0208   (AV:N/AC:M/Au:N/C:N/I:N/A:P)     4.3
    CVE-2015-0209   (AV:N/AC:M/Au:N/C:P/I:P/A:P)     6.8
    CVE-2015-0285   (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3
    CVE-2015-0286   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0287   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0288   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0289   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0290   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0291   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-0292   (AV:N/AC:L/Au:N/C:P/I:P/A:P)     7.5
    CVE-2015-0293   (AV:N/AC:L/Au:N/C:N/I:N/A:P)     5.0
    CVE-2015-1787   (AV:N/AC:H/Au:N/C:N/I:N/A:P)     2.6

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP Version Control Agent (VCA).

Please download the latest version of HP Version Control Agent (VCA) 7.3.5 from the following locations:

For Windows:
    X86: http://www.hp.com/swpublishing/MTX-676ddad17a06423589ee8889d0
    X64: http://www.hp.com/swpublishing/MTX-72d53359c85340f899e81986a7

For Linux:
    http://www.hp.com/swpublishing/MTX-c54de3da8602433283d55e7369

HISTORY

Version:1 (rev.1) - 18 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security v
[SECURITY] [DSA 3343-1] twig security update
Debian Security Advisory DSA-3343-1                    secur...@debian.org
https://www.debian.org/security/                       Sebastien Delafond
August 26, 2015                                        https://www.debian.org/security/faq

Package: twig

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.

For the stable distribution (jessie), this problem has been fixed in version 1.16.2-1+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 1.20.0-1.

We recommend that you upgrade your twig packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04777195

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04777195
Version: 1

HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25
Last Updated: 2015-08-25

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:

    CVE-2015-2808 - "Bar Mitzvah"
    SSRT102200

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Operations Agent v11.0, v11.01, v11.02, v11.03, v11.04, v11.05, v11.10, v11.11, v11.12, v11.13, v11.20, and v11.14.

BACKGROUND

CVSS 2.0 Base Metrics

    Reference       Base Vector                      Base Score
    CVE-2015-2808   (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of HP Operations Agent.

Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01758900?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY

Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM
    3P = 3rd Party Software
    GN = HP General Software
    HF = HP Hardware and Firmware
    MP = MPE/iX
    MU = Multi-Platform Software
    NS = NonStop Servers
    OV = OpenVMS
    PI = Printing and Imaging
    PV = ProCurve
    ST = Storage Software
    TU = Tru64 UNIX
    UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
[security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04777255

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04777255
Version: 1

HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25
Last Updated: 2015-08-25

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:

    CVE-2015-2808 - "Bar Mitzvah"
    SSRT102201

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Operations Agent Virtual Appliance v11.11, v11.12, v11.13, v11.14.

BACKGROUND

CVSS 2.0 Base Metrics

    Reference       Base Vector                      Base Score
    CVE-2015-2808   (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of HP Operations Agent Virtual Appliance.

Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01762720?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY

Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
[security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04767175

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04767175
Version: 1

HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25
Last Updated: 2015-08-25

Potential Security Impact: Remote unauthorized modification, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified in HP BSM Connector (BSMC).

- The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification.
- The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:

    CVE-2015-4000 - "Logjam"
    CVE-2015-2808 - "Bar Mitzvah"
    SSRT102199, SSRT102205

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP BSM Connector (BSMC) v9.20, v9.21, v9.22, v9.23, and v10.00.

BACKGROUND

CVSS 2.0 Base Metrics

    Reference       Base Vector                      Base Score
    CVE-2015-4000   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
    CVE-2015-2808   (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of HP BSM Connector (BSMC).

Please consult HP Software Support Online (SSO):

    BSMC 9.2x: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01762681
    BSMC 10.0: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01758600?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY

Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773004

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773004
Version: 1

HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25
Last Updated: 2015-08-25

Potential Security Impact: Remote unauthorized modification, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

Potential security vulnerabilities have been identified in HP Integration Adaptor.

- The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification.
- The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:

    CVE-2015-4000 - "Logjam"
    CVE-2015-2808 - "Bar Mitzvah"
    SSRT102214

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Integration Adaptor v9.12.

BACKGROUND

CVSS 2.0 Base Metrics

    Reference       Base Vector                      Base Score
    CVE-2015-4000   (AV:N/AC:M/Au:N/C:N/I:P/A:N)     4.3
    CVE-2015-2808   (AV:N/AC:M/Au:N/C:P/I:N/A:N)     4.3

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information available to resolve the vulnerability for the impacted versions of HP Integration Adaptor.

Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01763510?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY

Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins
Details

Software: YouTube Embed
Version: 3.3.2
Homepage: https://wordpress.org/plugins/youtube-embed/
CVE ID: CVE-2015-6535 (Pending)
CWE ID: CWE-79
CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)

Description

A stored XSS vulnerability in YouTube Embed 3.3.2 (and possibly earlier versions) allows admin users to compromise other admins and super admins.

YouTube Embed is a WordPress plugin with over 30,000 active installs.

Vulnerability

Admins on multisite installs can inject arbitrary JavaScript into pages visible to super admins via the plugin's unsanitized profile name field.

Note: Admins on multisite installs lack the unfiltered_html capability; only super admins can enter unfiltered HTML [2].

From youtube-embed/includes/options-profiles.php:

    31: $options[ 'name' ] = $_POST[ 'youtube_embed_name' ];
    95: echo '' . __( $options[ 'name' ].' Profile Saved.' ) . "\n";

Proof of concept

1. As an admin user authorized for plugins, go to the YouTube Embed Profiles page.
2. Choose a profile from the drop down list on the right and click 'Change profile'.
3. Enter an XSS payload (e.g. alert(1)) into the 'Profile name' field.
4. Log out and log in as a super admin or a different admin.
5. Navigate to the YouTube Embed Options page.

This has been tested with Firefox 38.2.0 on Debian.

Mitigation

Upgrade the plugin to version 3.3.3 or later.

Timeline

2015-08-19: Discovered
2015-08-19: Requested vulnerability reporting instructions via vendor support form
2015-08-20: Vendor asked that vulnerability be reported on the vendor's website plugin page
2015-08-20: Reported to vendor via plugin page
2015-08-20: Requested CVE number
2015-08-23: Vendor released version 3.3.3 confirmed fixed
2015-08-26: Public Disclosure

References

[1] https://wordpress.org/plugins/youtube-embed/changelog/
[2] https://codex.wordpress.org/Roles_and_Capabilities#Additional_Admin_Capabilities
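
The store-then-echo pattern quoted from options-profiles.php, set beside a hardened form, as an added example (it is not the plugin's code and not the vendor's 3.3.3 fix). The function names, the <p> wrapper, the 64-byte cap and the sample input are assumptions made for illustration; inside WordPress the corresponding helpers are sanitize_text_field() on input and esc_html() on output.

```php
<?php
// Added illustration. Function names, the <p> wrapper and the sample
// input are constructed; they are not taken from the plugin.

// Pattern from the advisory: the request value is stored unchanged ...
function store_profile_name_unsafe(array $post)
{
    return $post['youtube_embed_name'];
}

// ... and later concatenated into the admin page unchanged.
function render_notice_unsafe($name)
{
    return '<p>' . $name . ' Profile Saved.</p>';
}

// Hardened input side: accept only a string, drop markup and control
// characters, and cap the length (64 is an assumed limit).
function store_profile_name_safe(array $post)
{
    $raw = isset($post['youtube_embed_name']) ? $post['youtube_embed_name'] : '';
    if (!is_string($raw)) {
        return ''; // e.g. youtube_embed_name[]=x arrives as an array
    }
    $name = strip_tags($raw);
    $name = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $name);
    return substr(trim($name), 0, 64);
}

// Hardened output side: encode for the HTML context at the point of
// output. This also neutralises values stored before the input check
// existed, which is why it cannot be skipped.
function render_notice_safe($name)
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $encoded . ' Profile Saved.</p>';
}

// Constructed sample request body for the 'Profile name' field.
$post = array('youtube_embed_name' => '<script>alert(1)</script>');

// 1. Original pattern: the markup reaches the next admin's browser intact.
$legacy = store_profile_name_unsafe($post);
echo render_notice_unsafe($legacy), "\n";

// 2. Output encoding alone: a value already stored unfiltered is shown
//    as inert text instead of being parsed as markup.
echo render_notice_safe($legacy), "\n";

// 3. Input filtering plus output encoding: tags are removed before
//    storage and the remainder is still encoded when rendered.
echo render_notice_safe(store_profile_name_safe($post)), "\n";
```

Case 2 is the one to check after upgrading: profile names saved under 3.3.2 stay in the options table, so the rendering path has to encode them regardless of what the save path now filters.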
[security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774058

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774058
Version: 1

HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-25
Last Updated: 2015-08-25

Potential Security Impact: Remote unauthorized disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification.

References:

CVE-2015-4000 - "Logjam"
SSRT102206

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Operations Agent Virtual Appliance v11.11, v11.12, v11.13, v11.14.

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference        Base Vector                    Base Score
  CVE-2015-4000    (AV:N/AC:M/Au:N/C:P/I:N/A:N)   4.3
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following mitigation information and software updates available to resolve the vulnerability for the impacted versions of HP Operations Agent Virtual Appliance.

Please consult HP Software Support Online (SSO):
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01762721?lang=en&cc=us&hpappid=113963_OSP_PRO_HPE

HISTORY

Version:1 (rev.1) - 25 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P.

Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlXd+/UACgkQ4B86/C0qfVmgkgCgw12ZS67u4VH3oecSxy/F2/wq yWUAoI1efLZMuoNmePMla+uQ5USUPg+1 =xKFu -END PGP SIGNATURE-