[SECURITY] [DSA 2728-1] bind9 security update
Debian Security Advisory DSA-2728-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
July 27, 2013                          http://www.debian.org/security/faq

Package        : bind9
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4854
Debian Bug     : 717936

Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.

For the oldstable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze11.

For the stable distribution (wheezy), this problem has been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Re: DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
I've been reminded that I should mention that the venue for our meet-ups is the downstairs bar at The Phoenix, Cavendish Square, London W1G 0PP

More details at dc4420.org

Tttfn,
Tony
WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
Title:
======
WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability

Date:
=====
2013-07-27

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1035

VL-ID:
======
1035

Common Vulnerability Scoring System:
====================================
8.8

Introduction:
=============
WebDisk lets your iphone/ipad become a file website over wi-fi network. You can upload/download your document to your iphone/ipad on your pc browser over wi-fi and it is also a document viewer. Lets you direct view your document on your iphone/iphone.

( Copy of the Homepage: https://itunes.apple.com/us/app/webdisk/id546221210 )

Abstract:
=========
The Vulnerability Laboratory Research Team discovered a remote code execution vulnerability in the WebDisk v3.0.2 application (Apple iOS - iPad iPhone).

Report-Timeline:
================
2013-07-27: Public Disclosure (Vulnerability Laboratory)

Status:
=======
Published

Affected Products:
==================
Apple AppStore
Product: WebDisk PhotoViewer - Application 3.0.2

Exploitation-Technique:
=======================
Remote

Severity:
=========
Critical

Details:
========
A remote command execution web vulnerability is detected in the WebDisk v3.0.2 application (Apple iOS - iPad iPhone). The vulnerability allows remote attackers to execute code inside of a vulnerable web application module to compromise the device.

The vulnerability is located in the afgetdir.ma file when processing to request manipulated path parameters. Remote attackers can execute code from the main application index by using the upload input field. The code inside of the file upload field does not require to choose a file for an upload but executes the context directly via GET variable. The result is a web application code execution from the main index module. The code will be executed from the listing location under the upload input field of the webdisk wifi application.

Exploitation of the vulnerability does not require user interaction or a privileged application user account. Successful exploitation results in webdisk web-application or apple device compromise via remote code execution.
Vulnerable Module(s):
    [+] Upload - Input Field

Vulnerable File(s):
    [+] afgetdir.ma

Vulnerable Parameter(s):
    [+] p (path)

Affected Module(s):
    [+] Index File Dir Listing

Proof of Concept:
=================
The remote command execution vulnerability can be exploited by remote attackers without a privileged application user account or user interaction. For demonstration or reproduce ...

--- Exploitation Request Session Logs ---

Status: 200[OK]
GET http://192.168.2.104:1861/aadd.htm
Load Flags[LOAD_BACKGROUND ] Content Size[641] Mime Type[application/x-unknown-content-type]

Request Headers:
    Host[192.168.2.104:1861]
    User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0]
    Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Accept-Language[en-US,en;q=0.5]
    Accept-Encoding[gzip, deflate]
    DNT[1]
    Referer[http://192.168.2.104:1861/afgetdir.ma?p=%5Cvar%5Cmobile%5CApplications%5C8D137E49-3793-4C45-9A50-B8AF3AE7EA56%5CDocuments%5CLibrary%5CWD%5C]
    Connection[keep-alive]

Response Headers:
    Content-Length[641]
    Server[MHttpServer/1.0.0]

Status: 200[OK]
GET http://192.168.2.104:1861/[CODE EXECUTION]+PATH
Load Flags[LOAD_DOCUMENT_URI ] Content Size[0] Mime Type[application/x-unknown-content-type]

Request Headers:
    Host[192.168.2.104:1861]
    User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0]
    Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
    Accept-Language[en-US,en;q=0.5]
    Accept-Encoding[gzip, deflate]
    DNT[1]
    Referer[http://192.168.2.104:1861/afgetdir.ma?p=%5Cvar%5Cmobile%5CApplications%5C8D137E49-3793-4C45-9A50-B8AF3AE7EA56%5CDocuments%5CLibrary%5CWD%5C]
    Connection[keep-alive]

Response Headers:
    Content-Length[0]
    Server[MHttpServer/1.0.0]

URL=http://192.168.2.104:1861/afgetthum.ma?p=%5Cvar%5Cmobile%5CApplications
%5C8D137E49-3793-4C45-9A50-B8AF3AE7EA56%5CDocuments%5CLibrary%5CWD%5C[CODE EXECUTION]

Status: 200[OK]
GET http://192.168.2.104:1861/afgetthum.ma?p=%5Cvar%5Cmobile%5CApplications%5C8D137E49-3793-4C45-9A50-B8AF3AE7EA56%5CDocuments%5CLibrary%5CW%5C[CODE EXECUTION]
Load Flags[LOAD_NORMAL] Content Size[20217] Mime Type[application/x-unknown-content-type]

Request Headers:
    Host[192.168.2.104:1861]
    User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0]
    Accept[image/png,image/*;q=0.8,*/*;q=0.5]
    Accept-Language[en-US,en;q=0.5]
    Accept-Encoding[gzip, deflate]
    DNT[1]
    Referer[http://192.168.2.104:1861/afgetdir.ma?p=%5Cvar%5Cmobile%5CApplications%5C8D137E49-3793-4C45-9A50-B8AF3AE7EA56%5CDocuments%5CLibrary%5CWD%5C]
    Connection[keep-alive]
[ MDVSA-2013:202 ] bind
Mandriva Linux Security Advisory                         MDVSA-2013:202
http://www.mandriva.com/en/support/security/

Package : bind
Date    : July 28, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in bind:

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (daemon crash) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013 (CVE-2013-4854).

The updated packages for Enterprise Server 5 have been patched to correct this issue.

The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854
https://kb.isc.org/article/AA-01015

Updated Packages:

Mandriva Enterprise Server 5:
 mes5/i586/bind-9.7.6-0.0.P4.0.3mdvmes5.2.i586.rpm
 mes5/i586/bind-devel-9.7.6-0.0.P4.0.3mdvmes5.2.i586.rpm
 mes5/i586/bind-doc-9.7.6-0.0.P4.0.3mdvmes5.2.i586.rpm
 mes5/i586/bind-utils-9.7.6-0.0.P4.0.3mdvmes5.2.i586.rpm
 mes5/SRPMS/bind-9.7.6-0.0.P4.0.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
 mes5/x86_64/bind-9.7.6-0.0.P4.0.3mdvmes5.2.x86_64.rpm
 mes5/x86_64/bind-devel-9.7.6-0.0.P4.0.3mdvmes5.2.x86_64.rpm
 mes5/x86_64/bind-doc-9.7.6-0.0.P4.0.3mdvmes5.2.x86_64.rpm
 mes5/x86_64/bind-utils-9.7.6-0.0.P4.0.3mdvmes5.2.x86_64.rpm
 mes5/SRPMS/bind-9.7.6-0.0.P4.0.3mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
 mbs1/x86_64/bind-9.9.3.P2-0.1.mbs1.x86_64.rpm
 mbs1/x86_64/bind-devel-9.9.3.P2-0.1.mbs1.x86_64.rpm
 mbs1/x86_64/bind-doc-9.9.3.P2-0.1.mbs1.noarch.rpm
 mbs1/x86_64/bind-sdb-9.9.3.P2-0.1.mbs1.x86_64.rpm
 mbs1/x86_64/bind-utils-9.9.3.P2-0.1.mbs1.x86_64.rpm
 mbs1/SRPMS/bind-9.9.3.P2-0.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

 http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

 security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
It is summer holiday time, not to mention that many people are making their way this week to Las Vegas for Def Con or to the Netherlands for OHM2013.

There are no scheduled speakers this month, and Major Malfunction and Tony are both out of town.

Fear not though, as the downstairs bar is still booked for us and normal service will resume at the end of August!

Cheers,
Tony
ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability
ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability

EMC Identifier: ESA-2013-033
EMC Identifier: NW144712
CVE Identifier: CVE-2013-0943
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected products:
EMC NetWorker 8.0.0.x
EMC NetWorker 8.0.1.x
EMC NetWorker 7.6.x.x

Summary:
A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances.

Details:
A privileged user on either Unix or Windows family operating systems may use the nsradmin utility on EMC Networker to potentially decrypt data leading to exposure of sensitive configuration information.

Note: This vulnerability affects all NetWorker platforms.

Resolution:
The following EMC NW products contain a resolution for these issues:
EMC NetWorker 8.1 and above

EMC strongly recommends that all customers upgrade to above NetWorker build.

Link to remedies:
For information regarding all fixes included in the above build(s), refer to support.emc.com. Select Support by Product and type NetWorker (Direct link NetWorker). From this page select Downloads, Documentation or Advisories as required.

[The following is standard text included in all security advisories. Please do not change or delete.]

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided as is without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.