[SECURITY] [DSA 2838-1] libxfont security update
Debian Security Advisory DSA-2838-1              secur...@debian.org
http://www.debian.org/security/                   Moritz Muehlenhoff
January 07, 2014                  http://www.debian.org/security/faq

Package        : libxfont
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2013-6462

It was discovered that a buffer overflow in the processing of Glyph
Bitmap Distribution fonts (BDF) could result in the execution of
arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1:1.4.1-4.

For the stable distribution (wheezy), this problem has been fixed in
version 1:1.4.5-3.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.4.7-1.

We recommend that you upgrade your libxfont packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Multiple Vulnerabilities in Horizon QCMS
Advisory ID: HTB23191
Product: Horizon QCMS
Vendor: Horizon QCMS
Vulnerable Version(s): 4.0 and probably prior
Tested Version: 4.0
Advisory Publication: December 18, 2013 [without technical details]
Vendor Notification: December 18, 2013
Vendor Patch: December 25, 2013
Public Disclosure: January 8, 2014
Vulnerability Type: Path Traversal [CWE-22], SQL Injection [CWE-89]
CVE References: CVE-2013-7138, CVE-2013-7139
Risk Level: High
CVSSv2 Base Scores: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N), 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

---

Advisory Details:

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks.

1) Path Traversal in Horizon QCMS: CVE-2013-7138

The vulnerability exists due to insufficient filtration of "start" HTTP GET parameter passed to /lib/functions/d-load.php script before using it in PHP fopen() function. A remote attacker can read contents of arbitrary files on the target system with privileges of the web server.

The exploitation example below will display content of /config.php file that contains MySQL database login credentials:

    http://[host]/lib/functions/d-load.php?start=../../config.php

2) SQL Injection in Horizon QCMS: CVE-2013-7139

The vulnerability exists due to insufficient validation of "category" HTTP POST parameter passed to /download.php script. A remote unauthenticated attacker can execute arbitrary SQL commands in application's database.

The exploitation example below displays version of MySQL server:

    http://[host]/download.php?category=%27%20union%20select%201,2,version(),4,5,6%20--%202

---

Solution:

Apply security patch for Horizon 4.0

More Information: http://sourceforge.net/projects/hnqcms/files/patches/

---

References:

[1] High-Tech Bridge Advisory HTB23191 - https://www.htbridge.com/advisory/HTB23191 - Multiple vulnerabilities in Horizon QCMS.
[2] Horizon QCMS - http://www.hnqcms.com/ - An open source Horizon Quick Content Management System with PHP and MySQL support.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

---

Disclaimer: The information provided in this Advisory is provided as is and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
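
Added example, not part of the advisory and not Horizon QCMS's code or the vendor's patch: one way to close both weakness classes described above, by confining the requested file to a base directory and binding the category as a query parameter. The function names, the `downloads` table and its columns, the temp directory layout and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the download handler: $start is the untrusted
// request parameter, $baseDir the only directory files may be served from.
function resolve_download(string $baseDir, string $start): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $start === '' || strpos($start, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" and resolves symlinks; false if missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $start);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The trailing separator stops ".../files_old" passing as ".../files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// The category is bound as data, so quotes and UNION never reach the parser.
// Table and column names are hypothetical.
function downloads_in_category(PDO $db, string $category): array
{
    $stmt = $db->prepare('SELECT id, title FROM downloads WHERE category = ?');
    $stmt->execute([$category]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: a temp directory tree and an in-memory SQLite table.
$root = sys_get_temp_dir() . '/qcms_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
file_put_contents("$root/files/manual.txt", 'demo');
file_put_contents("$root/config.php", 'constructed placeholder');

foreach (['manual.txt', '../config.php', '../../config.php'] as $start) {
    $ok = resolve_download("$root/files", $start) !== null;
    printf("start=%-18s %s\n", $start, $ok ? 'served' : 'rejected');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE downloads (id INTEGER, title TEXT, category TEXT)");
$db->exec("INSERT INTO downloads VALUES (1, 'Manual', 'docs')");
foreach (['docs', "' union select 1,2,version(),4,5,6 -- 2"] as $category) {
    printf("%d row(s) for %s\n", count(downloads_in_category($db, $category)), $category);
}
```

The containment check compares the resolved path, not the raw parameter, so encoded or nested traversal sequences are judged by where they actually land on disk.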
Improper Authentication in Burden
Advisory ID: HTB23192
Product: Burden
Vendor: Josh Fradley
Vulnerable Version(s): 1.8 and probably prior
Tested Version: 1.8
Advisory Publication: December 18, 2013 [without technical details]
Vendor Notification: December 18, 2013
Vendor Patch: December 18, 2013
Public Disclosure: January 8, 2014
Vulnerability Type: Improper Authentication [CWE-287]
CVE Reference: CVE-2013-7137
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

---

Advisory Details:

High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application.

1) Improper Authentication in Burden: CVE-2013-7137

The vulnerability exists due to insufficient authentication when handling "burden_user_rememberme" cookie parameter. A remote unauthenticated user can set "burden_user_rememberme" cookie to 1 and gain administrative access to the application.

The exploitation example below shows HTTP GET request that grants administrative privileges to the user:

    GET /login.php HTTP/1.1
    Cookie: burden_user_rememberme=1;

The cookie can be also changed using a browser plugin such as Firebug for Firefox.

---

Solution:

Update to Burden 1.8.1

More Information: https://github.com/joshf/Burden/releases/tag/1.8.1

---

References:

[1] High-Tech Bridge Advisory HTB23192 - https://www.htbridge.com/advisory/HTB23192 - Improper Authentication in Burden.
[2] Burden - https://github.com/joshf - Burden is a full featured task management app written in PHP.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® - http://www.htbridge.com/immuniweb/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.

---

Disclaimer: The information provided in this Advisory is provided as is and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
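
Added example, not part of the advisory and not Burden's code or its 1.8.1 fix: the flawed pattern the advisory describes (a remember-me cookie trusted for its value alone) beside a remember-me token that is random, expiring and verified against server-side state. All function names are hypothetical, and the `$store` array stands in for a database table.

```php
<?php
declare(strict_types=1);

// Flawed pattern as described in the advisory (hypothetical reconstruction):
// the cookie's value alone is treated as proof of identity.
function is_logged_in_flawed(array $cookies): bool
{
    return ($cookies['burden_user_rememberme'] ?? '') === '1';
}

// Issue a token: random selector (lookup key) plus random validator.
// Only a hash of the validator is kept server-side.
function issue_remember_token(array &$store, string $user, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = [
        'user'    => $user,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;
}

// Verify a cookie value: returns the user name, or null if it is malformed,
// unknown, expired, or carries the wrong validator.
function verify_remember_token(array &$store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    if ($row['expires'] < time()) {
        unset($store[$parts[0]]);          // drop expired entries
        return null;
    }
    // hash_equals() compares in constant time.
    return hash_equals($row['hash'], hash('sha256', $parts[1])) ? $row['user'] : null;
}

// Constructed demo: "1" satisfies the flawed check but not the hardened one.
$store  = [];
$cookie = issue_remember_token($store, 'admin');
var_dump(is_logged_in_flawed(['burden_user_rememberme' => '1']));
var_dump(verify_remember_token($store, '1'));
var_dump(verify_remember_token($store, $cookie));
```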
[SECURITY] [DSA 2839-1] spice security update
Debian Security Advisory DSA-2839-1              secur...@debian.org
http://www.debian.org/security/                 Salvatore Bonaccorso
January 08, 2014                  http://www.debian.org/security/faq

Package        : spice
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4130 CVE-2013-4282
Debian Bug     : 717030 728314

Multiple vulnerabilities have been found in spice, a SPICE protocol
client and server library. The Common Vulnerabilities and Exposures
project identifies the following issues:

CVE-2013-4130

    David Gibson of Red Hat discovered that SPICE incorrectly handled
    certain network errors. A remote user able to initiate a SPICE
    connection to an application acting as a SPICE server could use
    this flaw to crash the application.

CVE-2013-4282

    Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled
    long passwords in SPICE tickets. A remote user able to initiate a
    SPICE connection to an application acting as a SPICE server could
    use this flaw to crash the application.

Applications acting as a SPICE server must be restarted for this update
to take effect.

For the stable distribution (wheezy), these problems have been fixed in
version 0.11.0-1+deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 0.12.4-0nocelt2.

For the unstable distribution (sid), these problems have been fixed in
version 0.12.4-0nocelt2.

We recommend that you upgrade your spice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org