E-Store (1.0 2.0) = SQL Injection Vulnerability

2014-03-10 Thread Alkeraithe
# Exploit Author: Nawaf Alkeraithe
==
for E-store 1.0:
# Google Dork: Powered by: PD inurl:page.php?id
#Vulnerable page:
http://[target]/page.php?id=[SQL Injection]
==
for E-store 2.0:
# Google Dork: Powered by: PD inurl:news.php?id
#Vulnerable page:
http://[target]/news.php?id=[SQL Injection]
 

Vendor: http://www.uaepd.net/products.html?id=2
Affected versions:
E-Store 1.0 
E-Store 2.0
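The defect class this post reports, an `id` query-string value reaching the database query unchecked, is shown below in a Python/sqlite3 example added here (it is not E-Store's code, which is PHP and not on the page). The table and rows are constructed; `lookup_vulnerable` pastes the parameter into the SQL text, `lookup_safe` validates it as an integer and binds it, so the `published = 1` filter cannot be argued away by the caller.

```python
"""Added example: one id-lookup written the injectable way and the hardened way."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's page table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(1, "Home", 1), (2, "About", 1), (3, "Unpublished draft", 0)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, page_id: str) -> list:
    """Injectable pattern: the raw query-string value becomes part of the SQL text,
    so it can extend the WHERE clause and defeat the published-only filter."""
    sql = f"SELECT id, title FROM pages WHERE published = 1 AND id = {page_id}"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, page_id: str) -> list:
    """Hardened form: enforce the type the parameter must have, then bind it.
    Anything that is not a plain integer is rejected before any SQL runs."""
    if not page_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, title FROM pages WHERE published = 1 AND id = ?"
    return conn.execute(sql, (int(page_id),)).fetchall()


def exposed_row_count(conn: sqlite3.Connection, page_id: str) -> int:
    """How many rows the injectable lookup hands back for a given input."""
    return len(lookup_vulnerable(conn, page_id))


if __name__ == "__main__":
    db = make_db()
    print("safe, id=2:", lookup_safe(db, "2"))
    print("vulnerable, id=2:", lookup_vulnerable(db, "2"))
    print("vulnerable, tampered id:", exposed_row_count(db, "3 OR 1=1"), "rows")
    try:
        lookup_safe(db, "3 OR 1=1")
    except ValueError as err:
        print("safe, tampered id rejected:", err)
```

Binding alone fixes the injection; the integer check on top of it is there so that a malformed `id` is logged as a rejected request rather than silently coerced, which is the signal a defender wants in the web server's error log.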

 


[SECURITY] [DSA 2870-1] libyaml-libyaml-perl security update

2014-03-10 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-2870-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
March 08, 2014 http://www.debian.org/security/faq
- -

Package: libyaml-libyaml-perl
Vulnerability  : heap-based buffer overflow
CVE ID : CVE-2013-6393

Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and
emitter library. A remote attacker could provide a YAML document with a
specially-crafted tag that, when parsed by an application using libyaml,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.33-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 0.38-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 0.41-4.

For the unstable distribution (sid), this problem has been fixed in
version 0.41-4.

We recommend that you upgrade your libyaml-libyaml-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJTGxHlAAoJEAVMuPMTQ89EbtQQAKD9QG9kNJTuFl0P777wSyAR
gQzzFjOGPP+p9Q3OWewXK2Xfk6fb6eBRk2vI3TZ63XD3KPPebhfMvRGHILp1jscI
hab6pHbp2Bs6PcX+ahEUfVhnv+7J+RxNEjjl5RWMIznUCM6G5tX4xjAbaKTnAUSZ
cbGHc3agtNXxQLGdW1eLedIZjWqVtkPQ3q7UbGl8dXbP8s1XWc0N+LJZDskFYfUT
/99qX122gFOpNPI9YGuosa+I5J0LWCJz/+qN00wx5K5uipsV52wgR4Kq+xMLV545
A1sPTpNiNkOrIvXQiWLP6JrLV39gb0G09dBCn6veCmhiagBvkSY5A8/wWphiG9k1
OKpwqYp1rFxWEpCgImU3TqiZutIM/yKopJPa+Lz4ZAb6yI62411hati7f6gqdYk1
GU3cJsPMQQ4Xz7Uj0po2gZ76UNo5skYsdOdunQv3foWDVoRNkHB1BbTsrQFBUD3u
zbih3vhLmK01lvgNYDTyhJodtCfRJumMn6o0zaWBEYOVpD7GzwABxECyDwSe626D
bs8QXWPuK5DaJ/XkntmswRkeJ3NBsGVwaZUszmTPCLLX/XEPDQls1yuYnPCUvo/4
+hNTlkEwpzW1x1G1Kpd7m2j7KsS6xpAgnt90B0RHPrTtS63xEGIgk3Z5301yxzcE
OjzJ2ZxxdRIEU6fMgC0W
=fvig
-END PGP SIGNATURE-



[ MDVSA-2014:048 ] gnutls

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:048
 http://www.mandriva.com/en/support/security/
 ___

 Package : gnutls
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated gnutls packages fix security vulnerability:
 
 It was discovered that GnuTLS did not correctly handle certain errors
 that could occur during the verification of an X.509 certificate,
 causing it to incorrectly report a successful verification. An attacker
 could use this flaw to create a specially crafted certificate that
 could be accepted by GnuTLS as valid for a site chosen by the attacker
 (CVE-2014-0092).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
 http://advisories.mageia.org/MGASA-2014-0117.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 102f795d8475e9c9d6df72aeffd9213b  mes5/i586/gnutls-2.4.1-2.10mdvmes5.2.i586.rpm
 1f87f8bce0222e4bad7f098e9ae04467  mes5/i586/libgnutls26-2.4.1-2.10mdvmes5.2.i586.rpm
 c9bffc45aaddf198ccf185d130cd06c6  mes5/i586/libgnutls-devel-2.4.1-2.10mdvmes5.2.i586.rpm
 c713dc5b541177d7ad289853a6be2869  mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 74cf2ef8f62b6695fb7e0302bbd05f21  mes5/x86_64/gnutls-2.4.1-2.10mdvmes5.2.x86_64.rpm
 1c915d2bfcadb6cb85ee2a80a3adf6ce  mes5/x86_64/lib64gnutls26-2.4.1-2.10mdvmes5.2.x86_64.rpm
 62d52e05b82032c7952f2dbf8e60482f  mes5/x86_64/lib64gnutls-devel-2.4.1-2.10mdvmes5.2.x86_64.rpm
 c713dc5b541177d7ad289853a6be2869  mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 53bb1704d26e27aeeeddfdcf093c28a3  mbs1/x86_64/gnutls-3.0.28-1.2.mbs1.x86_64.rpm
 9d87ba4210c47fd889e311cfddcbc0eb  mbs1/x86_64/lib64gnutls28-3.0.28-1.2.mbs1.x86_64.rpm
 3055076fd43b6a23e8ca36ca898e2378  mbs1/x86_64/lib64gnutls-devel-3.0.28-1.2.mbs1.x86_64.rpm
 6c7adf3386ec46df821457f8ed0962f0  mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.2.mbs1.x86_64.rpm
 2399c9cd4b3b4eb1cd1ad82a2dbbc90e  mbs1/SRPMS/gnutls-3.0.28-1.2.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHYuPmqjQ0CJFipgRAnO5AJ9UPgEWklfcapkAlRUrevDFRY5w1QCfUwqw
BPc793TFRj1+Ic7Ckur6Ahs=
=EexV
-END PGP SIGNATURE-



[ MDVSA-2014:049 ] subversion

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:049
 http://www.mandriva.com/en/support/security/
 ___

 Package : subversion
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in subversion:
 
 The get_resource function in repos.c in the mod_dav_svn module
 in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when
 SVNListParentPath is enabled, allows remote attackers to cause a
 denial of service (crash) via vectors related to the server root
 and request methods other than GET, as demonstrated by the svn ls
 http://svn.example.com command (CVE-2014-0032).
 
 This advisory provides the latest version of subversion (1.7.16)
 which is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
 http://subversion.apache.org/security/CVE-2014-0032-advisory.txt
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 25a0792c0644c3469694b1aed87920c4  mes5/i586/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.i586.rpm
 5c4a0db4d471323f53b1062f495cc4d7  mes5/i586/libsvn0-1.7.16-0.1mdvmes5.2.i586.rpm
 cf1185d10113c2ba5bfa5be6bc2c0c47  mes5/i586/libsvnjavahl1-1.7.16-0.1mdvmes5.2.i586.rpm
 e3cc87ab3d41b46bf520bb292c12526f  mes5/i586/perl-SVN-1.7.16-0.1mdvmes5.2.i586.rpm
 27b585a2d79689d73233463841f2bc80  mes5/i586/perl-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 0039001ca9d125bfb557cffcc2f5b8c5  mes5/i586/python-svn-1.7.16-0.1mdvmes5.2.i586.rpm
 4776c4ae660efbbc357c3c35fc9bd01f  mes5/i586/python-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 6708ceca95968af6a53b6181278f8252  mes5/i586/ruby-svn-1.7.16-0.1mdvmes5.2.i586.rpm
 261064f1e40912db8c0a863e0b907a6f  mes5/i586/ruby-svn-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 a115aab61321b6fa8180c0debfc2ebe2  mes5/i586/subversion-1.7.16-0.1mdvmes5.2.i586.rpm
 942c99bfabaf203e5e10ac3ef394e63b  mes5/i586/subversion-devel-1.7.16-0.1mdvmes5.2.i586.rpm
 32096c5120feb2ea6ece0675ef24412a  mes5/i586/subversion-doc-1.7.16-0.1mdvmes5.2.i586.rpm
 35943db397129b7b6ab1ec48014356e8  mes5/i586/subversion-server-1.7.16-0.1mdvmes5.2.i586.rpm
 377718f8801578a0a02afd21daa9d96d  mes5/i586/subversion-tools-1.7.16-0.1mdvmes5.2.i586.rpm
 be6f8cc3ef11f7219f6a07824795ed41  mes5/i586/svn-javahl-1.7.16-0.1mdvmes5.2.i586.rpm
 f9511b3a764f7f5c0297b5c6478a05d5  mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 fe630b13878ebd2eef2301836d42a833  mes5/x86_64/apache-mod_dav_svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 34ea50c0238c1a71a0fb518ae81441a6  mes5/x86_64/lib64svn0-1.7.16-0.1mdvmes5.2.x86_64.rpm
 a18979e9ea94488d2862e725b91ac995  mes5/x86_64/lib64svnjavahl1-1.7.16-0.1mdvmes5.2.x86_64.rpm
 d186d26bf20b5b9cd6b6727f794b0747  mes5/x86_64/perl-SVN-1.7.16-0.1mdvmes5.2.x86_64.rpm
 ba6923c0cb1f53ac8c96b682df7e5711  mes5/x86_64/perl-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 18ef94dc37d3f7c4b161fdb71cb1900e  mes5/x86_64/python-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 e0615817d08e9bdc3151d8de7b6f88da  mes5/x86_64/python-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 8f3f546f4b57e2e6fe2d951e02eafde1  mes5/x86_64/ruby-svn-1.7.16-0.1mdvmes5.2.x86_64.rpm
 0dd7b95e42ebe58bc5a3a368142f7de6  mes5/x86_64/ruby-svn-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 da5acbb29a65970a911fdfd44e39e9d6  mes5/x86_64/subversion-1.7.16-0.1mdvmes5.2.x86_64.rpm
 e4ccfd66a649b933ecc7bfd1fdba686d  mes5/x86_64/subversion-devel-1.7.16-0.1mdvmes5.2.x86_64.rpm
 074511092d7547f4c01f7820c4a00cab  mes5/x86_64/subversion-doc-1.7.16-0.1mdvmes5.2.x86_64.rpm
 2cada523fcd8673de0fb2f99de60dad6  mes5/x86_64/subversion-server-1.7.16-0.1mdvmes5.2.x86_64.rpm
 0f435f9026b9460c5be686a4d8218350  mes5/x86_64/subversion-tools-1.7.16-0.1mdvmes5.2.x86_64.rpm
 933d8dfd42cdd71c6d43b7bec209a5e7  mes5/x86_64/svn-javahl-1.7.16-0.1mdvmes5.2.x86_64.rpm
 f9511b3a764f7f5c0297b5c6478a05d5  mes5/SRPMS/subversion-1.7.16-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 5095fc2f7b63d2374ba366051a873b58  mbs1/x86_64/apache-mod_dav_svn-1.7.16-0.1.mbs1.x86_64.rpm
 633a46f34b6da14ddcab055dcc7b43c6  mbs1/x86_64/lib64svn0-1.7.16-0.1.mbs1.x86_64.rpm
 1ca8f4e33ce81302d36912ed217f80b3  mbs1/x86_64/lib64svn-gnome-keyring0-1.7.16-0.1.mbs1.x86_64.rpm
 f70f985409153583212517dbada5ab0b  mbs1/x86_64/lib64svnjavahl1-1.7.16-0.1.mbs1.x86_64.rpm
 ed488e73c53881ada31cba91eab5b086  mbs1/x86_64/perl-SVN-1.7.16-0.1.mbs1.x86_64.rpm
 ed510f571e41eb525e342ec597d1cfbe  mbs1/x86_64/perl-svn-devel-1.7.16-0.1.mbs1.x86_64.rpm
 6d4359f416b2a54ea9bb54275bc9cff2  

[SECURITY] [DSA 2871-1] wireshark security update

2014-03-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2871-1   secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff
March 10, 2014 http://www.debian.org/security/faq
- -

Package: wireshark
CVE ID : CVE-2014-2281 CVE-2014-2283 CVE-2014-2299

Multiple vulnerabilities were discovered in Wireshark:

CVE-2014-2281

Moshe Kaplan discovered that the NFS dissector could be crashed,
resulting in denial of service.

CVE-2014-2283

It was discovered that the RLC dissector could be crashed, resulting 
in denial of service.

CVE-2014-2299

Wesley Neelen discovered a buffer overflow in the MPEG file parser,
which could lead to the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.2.11-6+squeeze14.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy10.

For the unstable distribution (sid), these problems have been fixed in
version 1.10.6-1.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJTHdDvAAoJEBDCk7bDfE42/QkP/2eQjKXDl6z651I+OciMif8X
PJbZ50T6linCsT7BqWaBv6GCxlSsU60+Yh7nHVfCJ0JY5NjWp0fOyLu3a7yD9SH/
7UEgJB0OVWSE54wIUO0Boi0qRth4l6+f/t4y/1gjwGGadv7cjhJRzhm6blMyUj61
XPqI/Sswm1ux/BVteLc2ffpsGNL4XcCNUH92is68r3R+YcrXoqFewVwI7/BRusNb
sq0Au+gkL3LD/owxf4yHWB/DSYHauVnto3zGqcdErAREFk6jA+OZgqjKrrmsrQa+
Jc3EFSWwJ71T1ko45Td8rz2AHRmipXpLrhL+1cPCmIkKUnVQMDNsz5JMWmJUzGmC
sJdNPdKrI6vTA2J03rW/dyl0fo9hSzJSkzxziDY0yrOX/GIiSRRb6ZS6CsOYDSNc
UCmX/UCrrW0rpG5HI3XdUnOWqTWfy1YuWpbLb2Wll0mtF79n7jbzBZJscF+B+p7o
XMCEdddAIGJQR8yU01MWkE8FmNxdOihn9CajS9xHqxT0rM8d1kJFzzaROOY9bkbF
T10/mJ3IdXVVKNfQENXxsRpFAd/tUl2Q52Rc9GMmV4aNT+KQbK33JCMFPBgSQQ5k
zDnAMlnTSMzvd4QkM/1wceAL8KqdDRwCdrYxDpuEDHz9ixXWqeUF5KEIUVmBpFO3
5VZ8C8h5dSBQ3FififjZ
=HE9d
-END PGP SIGNATURE-



[SECURITY] [DSA 2872-1] udisks security update

2014-03-10 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2872-1   secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff
March 10, 2014 http://www.debian.org/security/faq
- -

Package: udisks
CVE ID : CVE-2014-0004

Florian Weimer discovered a buffer overflow in udisks's mount path 
parsing code which may result in privilege escalation.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.0.1+git20100614-3squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 1.0.4-7wheezy1.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.5-1.

We recommend that you upgrade your udisks packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJTHdGQAAoJEBDCk7bDfE42m3IP/1Pyh4so7zS2D0cnwmNGWgWS
yt926+ocgJAL9IPpxbUP2P0ZLOqRE048DwlUXnobnpUxoD855KPcP2ki1Fn/EHZ+
8OYhnfJYTl6NR86VcbKhpzvpYTHJGVSrelm34qKBem8pnTBOe1K+MAcFqsattUht
E1BLQ/VkC6NHCsh0pw0o0wEANaA4qk4KW4gjSg9qoNQXSMkjyj7oJf0BbVRdpVku
mG8b4qzb+RhVtZrA2OkE0JpJxdbkFaM/vH3tFD4a1Mo7j4BE+0PtLvlj/2Klx5BV
xSQKRHnED9DPwhREzwFUW9PnSEHY+s1CE44Z9F3FGWW80I4RQUKcepYsbT2kPuZM
M83SXnajTfyQaLl/JtH9T6j13ksm2yy38ooYuC/IAUkKY7e7JDv9sCp/dddijhwo
23DUmwRkPqLbzmi1qvkyUuJmX97Np3q3477Ou/uJ/20r6bmO3nQR2D9C5rub/Zg0
3lzdbrMc6XWnFT/zq2YQV/pUeDhJD/pQHW+EFsHOPIAxixjk5tHbNBNUuLvSZzQh
GR4qSWqCrRgj3W0ivgnYuNmQ8OIM0qJhW9FuygwLR8w7P1sZZhc4ZxURRpaOalen
Wrm4pu2w0HsdUxAJab7SzJnuL8s3N+Yy+ZzXupyR5/JLYBlTrxAC6rwbdbdv0fZu
yVnpDVF6hgVh1B3aEQhV
=xZKX
-END PGP SIGNATURE-



[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability

2014-03-10 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04135307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04135307
Version: 1

HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control
Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality,
Integrity and Availability

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-03-10
Last Updated: 2014-03-10

Potential Security Impact: Multiple remote vulnerabilities affecting
confidentiality, integrity and availability

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Rapid Deployment Pack
(RDP) or HP Insight Control Server Deployment. The vulnerabilities could be
exploited remotely affecting confidentiality, integrity and availability.

References: CVE-2010-4008
            CVE-2010-4494
            CVE-2011-2182
            CVE-2011-2213
            CVE-2011-2492
            CVE-2011-2518
            CVE-2011-2689
            CVE-2011-2723
            CVE-2011-3188
            CVE-2011-4077
            CVE-2011-4110
            CVE-2012-0058
            CVE-2012-0879
            CVE-2012-1088
            CVE-2012-1179
            CVE-2012-2137
            CVE-2012-2313
            CVE-2012-2372
            CVE-2012-2373
            CVE-2012-2375
            CVE-2012-2383
            CVE-2012-2384
            CVE-2013-6205
            CVE-2013-6206
            SSRT101443

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Rapid Deployment Pack (RDP) -- All versions
HP Insight Control Server Deployment -- All versions

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference       Base Vector                     Base Score
  CVE-2013-6205   (AV:L/AC:M/Au:S/C:P/I:P/A:P)       4.1
  CVE-2013-6206   (AV:N/AC:L/Au:N/C:C/I:P/A:P)       9.0
  CVE-2010-4008   (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
  CVE-2010-4494   (AV:N/AC:L/Au:N/C:C/I:C/A:C)      10.0
  CVE-2011-2182   (AV:L/AC:L/Au:N/C:C/I:C/A:C)       7.2
  CVE-2011-2213   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2011-2492   (AV:L/AC:M/Au:N/C:P/I:N/A:N)       1.9
  CVE-2011-2518   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2011-2689   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2011-2723   (AV:A/AC:M/Au:N/C:N/I:N/A:C)       5.7
  CVE-2011-3188   (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8
  CVE-2011-4077   (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9
  CVE-2011-4110   (AV:L/AC:L/Au:N/C:N/I:N/A:P)       2.1
  CVE-2012-0058   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2012-0879   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2012-1088   (AV:L/AC:M/Au:N/C:N/I:P/A:P)       3.3
  CVE-2012-1179   (AV:A/AC:M/Au:S/C:N/I:N/A:C)       5.2
  CVE-2012-2137   (AV:L/AC:M/Au:N/C:C/I:C/A:C)       6.9
  CVE-2012-2313   (AV:L/AC:H/Au:N/C:N/I:N/A:P)       1.2
  CVE-2012-2372   (AV:L/AC:M/Au:S/C:N/I:N/A:C)       4.4
  CVE-2012-2373   (AV:L/AC:H/Au:N/C:N/I:N/A:C)       4.0
  CVE-2012-2375   (AV:A/AC:H/Au:N/C:N/I:N/A:C)       4.6
  CVE-2012-2383   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
  CVE-2012-2384   (AV:L/AC:L/Au:N/C:N/I:N/A:C)       4.9
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
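The base scores in the table above follow the CVSS v2.0 base equation, which is worth being able to recompute when triaging a bulletin that lists many CVEs at once. The calculator below is an added example, not part of HP's bulletin: it implements the published CVSS v2 base equation with the specification's metric weights, and the five rows embedded in it are copied from the table so the implementation can be checked against them.

```python
"""Added example: CVSS v2.0 base-score calculator checked against the bulletin's table."""
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 metric weights from the FIRST CVSS v2 specification.
AV = {"L": Decimal("0.395"), "A": Decimal("0.646"), "N": Decimal("1.0")}
AC = {"H": Decimal("0.35"), "M": Decimal("0.61"), "L": Decimal("0.71")}
AU = {"M": Decimal("0.45"), "S": Decimal("0.56"), "N": Decimal("0.704")}
CIA = {"N": Decimal("0.0"), "P": Decimal("0.275"), "C": Decimal("0.660")}
WEIGHTS = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}


def parse_vector(vector: str) -> dict:
    """Turn '(AV:N/AC:L/Au:N/C:C/I:C/A:C)' into {'AV': 'N', ...}, rejecting
    unknown metrics or values and vectors that omit a base metric."""
    metrics = {}
    for part in vector.strip().strip("()").split("/"):
        name, _, value = part.partition(":")
        if name not in WEIGHTS or value not in WEIGHTS[name]:
            raise ValueError(f"bad CVSS v2 metric {part!r} in {vector!r}")
        metrics[name] = value
    missing = set(WEIGHTS) - set(metrics)
    if missing:
        raise ValueError(f"vector {vector!r} lacks metrics {sorted(missing)}")
    return metrics


def cvss2_components(vector: str) -> tuple:
    """Unrounded (impact, exploitability) sub-scores as Decimals."""
    m = parse_vector(vector)
    impact = Decimal("10.41") * (
        1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
    )
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    return impact, exploitability


def cvss2_base_score(vector: str) -> float:
    """CVSS v2.0 base score rounded to one decimal; an all-None impact scores 0."""
    impact, exploitability = cvss2_components(vector)
    f_impact = Decimal("0") if impact == 0 else Decimal("1.176")
    raw = (Decimal("0.6") * impact + Decimal("0.4") * exploitability - Decimal("1.5")) * f_impact
    return float(raw.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


# Rows copied from the bulletin's CVSS table, used to check the implementation.
BULLETIN_ROWS = {
    "CVE-2010-4494": ("(AV:N/AC:L/Au:N/C:C/I:C/A:C)", 10.0),
    "CVE-2013-6205": ("(AV:L/AC:M/Au:S/C:P/I:P/A:P)", 4.1),
    "CVE-2011-2182": ("(AV:L/AC:L/Au:N/C:C/I:C/A:C)", 7.2),
    "CVE-2012-1179": ("(AV:A/AC:M/Au:S/C:N/I:N/A:C)", 5.2),
    "CVE-2012-2313": ("(AV:L/AC:H/Au:N/C:N/I:N/A:P)", 1.2),
}


def check_bulletin_rows() -> list:
    """Recompute every embedded row; return the CVE ids whose score disagrees."""
    return [
        cve for cve, (vec, score) in BULLETIN_ROWS.items()
        if cvss2_base_score(vec) != score
    ]


if __name__ == "__main__":
    for cve, (vec, score) in BULLETIN_ROWS.items():
        print(f"{cve} {vec} bulletin={score} computed={cvss2_base_score(vec)}")
    print("mismatches:", check_bulletin_rows())
```

Decimal arithmetic with half-up rounding is deliberate: two of the embedded rows (7.2 for CVE-2011-2182 and 5.2 for CVE-2012-1179) come out within a few thousandths of the rounding boundary, and binary floats with Python's round-half-even can land on the wrong side.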

RESOLUTION

HP recommends that HP Rapid Deployment Pack (RDP) or HP Insight Control
Server Deployment should only be run on private secure networks to prevent
the risk of security compromise.

HISTORY
Version: 1 (rev.1) - 10 March 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is

Android Vulnerability: Install App Without User Explicit Consent

2014-03-10 Thread Daniel Divricean
This vulnerability allows an app to install any number of apps with
any type of permissions without user's explicit consent. It is based
on two things:

  1. You can install an app from Google Play using just the browser,
even from PC.
  2. An app can embed a browser and automatically login into your
Google account without any notification, using a few permissions.


Description

One can build an Android app, let's call it Trojan, that requires
these permissions:

  android.permission.INTERNET - Allows applications to open network sockets.
  android.permission.GET_ACCOUNTS - Allows access to the list of
accounts in the Accounts Service.
  android.permission.USE_CREDENTIALS - Allows an application to
request authtokens from the AccountManager.


These are the steps to reproduce it:
  1. Trojan app contains a WebView that will automatically login into
user's Google account by requesting authtokens from the Account
Manager, user will not be notified nor have any way to stop this.
  2. The WebView will load the Google Play web site and inject
JavaScript code on page load.
  3. The JavaScript code will make a request to get the device
information and CSRF tokens, it will get information about all devices
registered with that account. Remember the browser is logged in with
user's Google account.
  4. Using this information it can issue a request to install ANY app
on Google Play, on EVERY device registered with that Google account.
The user will not be prompted and will not have any way to stop this.


Scenarios

  - Trojan app could be full screen and the user will not even see the
install notification.
  - Trojan app could choose to install the app on a different device,
from the devices registered with the Google account, the user will not
see anything unusual on the current device where the Trojan runs.
  - The installed app can have access to ALL permissions (if it
specifies so in the manifest) without the user explicitly approving
that, it could have access to services that cost you money, like
sending SMS or making phone calls, manage accounts, disable your
phone, just look at the permission list.
  - Since you have access to all Google data for that account, there
are other scenarios, like accessing emails and more, but the PoC did
not address those.


The fix

The Google fix, as far as I could tell, was to not allow the browser
to automatically login. Instead, the user will be prompted with a text
that says it would allow the app to have access to all Google data.
This however does not inform the user that it will allow automatic
installation of any app, potentially causing direct and immediate loss
of money.

I will not release the PoC, I think it would be too easy to cause real
damage. However it is not that difficult to implement.


Vendor contact timeline

2013-12-16 - Contact security(at)google.com.
2013-12-17 - Received reply that the issue was passed to
security(at)android.com.
2013-12-20 - Received reply that they could not reproduce the issue.
2013-12-20 - Sent a stripped down version of the PoC, not much different.
2014-01-16 - Request status update.
2014-01-24 - Received response that the rollout of the fix started last week.
2014-02-12 - Received response that the fix is live for 100% users/devices.


APPLE-SA-2014-03-10-1 iOS 7.1

2014-03-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-03-10-1 iOS 7.1

iOS 7.1 is now available and addresses the following:

Backup
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A maliciously crafted backup can alter the filesystem
Description:  A symbolic link in a backup would be restored, allowing
subsequent operations during the restore to write to the rest of the
filesystem. This issue was addressed by checking for symbolic links
during the restore process.
CVE-ID
CVE-2013-5133 : evad3rs

Certificate Trust Policy
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Root certificates have been updated
Description:  Several certificates were added to or removed from the
list of system roots.

Configuration Profiles
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Profile expiration dates were not honored
Description:  Expiration dates of mobile configuration profiles were
not evaluated correctly. The issue was resolved through improved
handling of configuration profiles.
CVE-ID
CVE-2014-1267

CoreCapture
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application can cause an unexpected system
termination
Description:  A reachable assertion issue existed in CoreCapture's
handling of IOKit API calls. The issue was addressed through
additional validation of input from IOKit.
CVE-ID
CVE-2014-1271 : Filippo Bigarella

Crash Reporting
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A local user may be able to change permissions on arbitrary
files
Description:  CrashHouseKeeping followed symbolic links while
changing permissions on files. This issue was addressed by not
following symbolic links when changing permissions on files.
CVE-ID
CVE-2014-1272 : evad3rs

dyld
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Code signing requirements may be bypassed
Description:  Text relocation instructions in dynamic libraries may
be loaded by dyld without code signature validation. This issue was
addressed by ignoring text relocation instructions.
CVE-ID
CVE-2014-1273 : evad3rs

FaceTime
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A person with physical access to the device may be able to
access FaceTime contacts from the lock screen
Description:  FaceTime contacts on a locked device could be exposed
by making a failed FaceTime call from the lock screen. This issue was
addressed through improved handling of FaceTime calls.
CVE-ID
CVE-2014-1274

ImageIO
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of JPEG2000
images in PDF files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1275 : Felix Groebert of the Google Security Team

ImageIO
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libtiff's handling of TIFF
images. This issue was addressed through additional validation of
TIFF images.
CVE-ID
CVE-2012-2088

ImageIO
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description:  An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed through additional
validation of JPEG files.
CVE-ID
CVE-2013-6629 : Michal Zalewski

IOKit HID Event
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A malicious application may monitor user actions in other
apps
Description:  An interface in IOKit framework allowed malicious apps
to monitor user actions in other apps. This issue was addressed
through improved access control policies in the framework.
CVE-ID
CVE-2014-1276 : Min Zheng, Hui Xue, and Dr. Tao (Lenx) Wei of FireEye

iTunes Store
Available for:  iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact:  A man-in-the-middle attacker may entice a user into
downloading a malicious app via Enterprise App Download
Description:  An attacker with a privileged network position could
spoof network communications to entice a user into downloading a
malicious app. This issue was mitigated by using SSL and prompting
the user during URL redirects.
CVE-ID
CVE-2014-1277 : Stefan 

[ MDVSA-2014:050 ] wireshark

2014-03-10 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:050
 http://www.mandriva.com/en/support/security/
 ___

 Package : wireshark
 Date: March 10, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Multiple vulnerabilities were found and corrected in Wireshark:
 
 * The NFS dissector could crash. Discovered by Moshe Kaplan
 (CVE-2014-2281).
 
 * The RLC dissector could crash (CVE-2014-2283).
 
 * The MPEG file parser could overflow a buffer. Discovered by Wesley
 Neelen (CVE-2014-2299).
 
 This advisory provides the latest version of Wireshark (1.8.13)
 which is not vulnerable to these issues.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
 http://www.wireshark.org/security/wnpa-sec-2014-01.html
 http://www.wireshark.org/security/wnpa-sec-2014-03.html
 http://www.wireshark.org/security/wnpa-sec-2014-04.html
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 4f641d05af87e5a053edd599e23975c7  mes5/i586/dumpcap-1.8.13-0.1mdvmes5.2.i586.rpm
 b1a8a82298dd88bde7f9e41b1a73b47d  mes5/i586/libwireshark2-1.8.13-0.1mdvmes5.2.i586.rpm
 896c658c6ddacc562a0d70366c64aefd  mes5/i586/libwireshark-devel-1.8.13-0.1mdvmes5.2.i586.rpm
 b3287396b309bd0ec077ec03647356ac  mes5/i586/rawshark-1.8.13-0.1mdvmes5.2.i586.rpm
 b05f181a687aee422bcc9d2a0dbedecc  mes5/i586/tshark-1.8.13-0.1mdvmes5.2.i586.rpm
 a3c609066ee5c522f735160b791b3d1d  mes5/i586/wireshark-1.8.13-0.1mdvmes5.2.i586.rpm
 8e3d5cddff1cf5b3de28e6fd6298a412  mes5/i586/wireshark-tools-1.8.13-0.1mdvmes5.2.i586.rpm
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 bf3e734f58c22f4a7d4cb9a92c723e6b  mes5/x86_64/dumpcap-1.8.13-0.1mdvmes5.2.x86_64.rpm
 f3f2f97f4a0dab273fe6821f9b3dcda2  mes5/x86_64/lib64wireshark2-1.8.13-0.1mdvmes5.2.x86_64.rpm
 d7182aa64192b2b4856ce1deb25da35d  mes5/x86_64/lib64wireshark-devel-1.8.13-0.1mdvmes5.2.x86_64.rpm
 ce9a49108e3e37385b1ecd1aec0818b5  mes5/x86_64/rawshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 345d1066d8dda18a06b0f9b0f34b12ff  mes5/x86_64/tshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 49cf7c4dbec20d065ff535f5bc500d3b  mes5/x86_64/wireshark-1.8.13-0.1mdvmes5.2.x86_64.rpm
 79c290d0a6934440a3989e696f6e3a2d  mes5/x86_64/wireshark-tools-1.8.13-0.1mdvmes5.2.x86_64.rpm
 104a5965c230eba36b23945ea4d378e6  mes5/SRPMS/wireshark-1.8.13-0.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 919616ad2d26713c2d0a4148d06cc671  mbs1/x86_64/dumpcap-1.8.13-1.mbs1.x86_64.rpm
 32bc98bd5e9d2e19043d77ba944413fb  mbs1/x86_64/lib64wireshark2-1.8.13-1.mbs1.x86_64.rpm
 e966a54884894738c89859f3768aed5c  mbs1/x86_64/lib64wireshark-devel-1.8.13-1.mbs1.x86_64.rpm
 b96bbb6c34d1bf867e7409392b82817a  mbs1/x86_64/rawshark-1.8.13-1.mbs1.x86_64.rpm
 a803b639bdf2ffa9d905bae772d19498  mbs1/x86_64/tshark-1.8.13-1.mbs1.x86_64.rpm
 ba694e53492db08cb4db43ae181b519f  mbs1/x86_64/wireshark-1.8.13-1.mbs1.x86_64.rpm
 c24508e134fd8be7216f4a165dc3f71c  mbs1/x86_64/wireshark-tools-1.8.13-1.mbs1.x86_64.rpm
 bc9586d2a42a3b7f52a02843905c7f59  mbs1/SRPMS/wireshark-1.8.13-1.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTHcXMmqjQ0CJFipgRApA3AJ9dlqu6qQiutinpvBDtprtQHoIKIQCeM396
03x4Ft2ynLHpeO4UFnID4QM=
=F8Lb
-END PGP SIGNATURE-



APPLE-SA-2014-03-10-2 Apple TV 6.1

2014-03-10 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-03-10-2 Apple TV 6.1

Apple TV 6.1 is now available and addresses the following:

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  An attacker with access to an Apple TV may access sensitive
user information from logs
Description:  Sensitive user information was logged. This issue was
addressed by logging less information.
CVE-ID
CVE-2014-1279 : David Schuetz working at Intrepidus Group

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Profile expiration dates were not honored
Description:  Expiration dates of mobile configuration profiles were
not evaluated correctly. The issue was resolved through improved
handling of configuration profiles.
CVE-ID
CVE-2014-1267

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A malicious application can cause an unexpected system
termination
Description:  A reachable assertion issue existed in CoreCapture's
handling of IOKit API calls. The issue was addressed through
additional validation of input from IOKit.
CVE-ID
CVE-2014-1271 : Filippo Bigarella

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user may be able to change permissions on arbitrary
files
Description:  CrashHouseKeeping followed symbolic links while
changing permissions on files. This issue was addressed by not
following symbolic links when changing permissions on files.
CVE-ID
CVE-2014-1272 : evad3rs
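The CrashHouseKeeping entry above describes a classic bug class: a privileged routine changes permissions on a path, and because the underlying call follows symbolic links, a link planted at that path redirects the change to an unrelated file. The following C program is an added example, not Apple's code and not the actual CrashHouseKeeping logic; it contrasts a naive chmod() with a hardened routine that opens the path with O_NOFOLLOW and applies fchmod() to the descriptor it actually holds, so a symlink at the final path component is refused with ELOOP. The function names and the scratch files under $TMPDIR (or /tmp) are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive variant (the bug class in the advisory): chmod() resolves symlinks,
 * so if `path` is a link the mode change lands on the link's target. */
int chmod_follows_links(const char *path, mode_t mode) {
    return chmod(path, mode) == 0 ? 0 : -errno;
}

/* Hardened variant: O_NOFOLLOW makes open() fail with ELOOP when the final
 * component is a symlink; otherwise we hold a descriptor to the real file
 * and change the mode on that descriptor, so no later path swap can
 * redirect the change. */
int chmod_nofollow(const char *path, mode_t mode) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -errno;              /* -ELOOP for a symlink */
    int rc = fchmod(fd, mode) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

/* Returns the low 12 permission bits of `path` (following links, as the
 * attacker's target would be observed), or -1 on error. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Demonstration on constructed scratch files: a regular file "target" and a
 * symlink "link" pointing at it. Returns 0 when every expectation holds,
 * otherwise a distinct negative code identifying the failed step. */
int demo(void) {
    const char *tmp = getenv("TMPDIR");
    char dir[256], target[300], link[300];
    snprintf(dir, sizeof dir, "%s/chmoddemoXXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -2;
    close(fd);
    if (symlink(target, link) != 0) return -3;

    int result = 0;
    /* Naive routine, asked to act on the link, silently rewrites the target. */
    if (chmod_follows_links(link, 0644) != 0)           result = -4;
    else if (mode_of(target) != 0644)                    result = -5;
    /* Hardened routine refuses the link and leaves the target untouched ... */
    else if (chmod_nofollow(link, 0600) != -ELOOP)       result = -6;
    else if (mode_of(target) != 0644)                    result = -7;
    /* ... but works normally when handed the real file. */
    else if (chmod_nofollow(target, 0600) != 0)          result = -8;
    else if (mode_of(target) != 0600)                    result = -9;

    unlink(link);
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void) {
    int rc = demo();
    printf("demo result: %d (%s)\n", rc, rc == 0 ? "hardened routine refused the symlink" : "unexpected");
    return rc == 0 ? 0 : 1;
}
```

O_NOFOLLOW only protects the final path component; a link in a parent directory is still followed, so a housekeeping process that walks untrusted directory trees should also open each directory with O_NOFOLLOW | O_DIRECTORY and use the *at() calls relative to that descriptor, or operate as a low-privilege user.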

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Code signing requirements may be bypassed
Description:  Text relocation instructions in dynamic libraries may
be loaded by dyld without code signature validation. This issue was
addressed by ignoring text relocation instructions.
CVE-ID
CVE-2014-1273 : evad3rs

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of JPEG2000
images in PDF files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1275 : Felix Groebert of the Google Security Team

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in libtiff's handling of TIFF
images. This issue was addressed through additional validation of
TIFF images.
CVE-ID
CVE-2012-2088

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description:  An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed through additional
validation of JPEG files.
CVE-ID
CVE-2013-6629 : Michal Zalewski

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A local user may be able to cause an unexpected system
termination or arbitrary code execution in the kernel
Description:  An out of bounds memory access issue existed in the ARM
ptmx_get_ioctl function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1278 : evad3rs

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A configuration profile may be hidden from the user
Description:  A configuration profile with a long name could be
loaded onto the device but was not displayed in the profile UI. The
issue was addressed through improved handling of profile names.
CVE-ID
CVE-2014-1282 : Assaf Hefetz, Yair Amit and Adi Sharabani of Skycure

Apple TV
Available for:  Apple TV 2nd generation and later
Impact:  A person with physical access to the device may be able to
cause arbitrary code execution in kernel mode
Description:  A memory corruption issue existed in the handling of
USB messages. This issue was addressed through additional validation
of USB messages.
CVE-ID
CVE-2014-1287 : Andy Davis of NCC Group

WebKit
Available for:  Apple TV 2nd generation and later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-2909 : Atte Kettunen of OUSPG
CVE-2013-2926 : cloudfuzzer
CVE-2013-2928 : Google Chrome Security Team
CVE-2013-5196 : Google Chrome Security Team
CVE-2013-5197 : Google Chrome Security Team
CVE-2013-5198 : Apple
CVE-2013-5199 : Apple
CVE-2013-5225 : Google Chrome Security Team
CVE-2013-5228 : Keen Team (@K33nTeam) working with HP's Zero Day
Initiative
CVE-2013-6625 : cloudfuzzer
CVE-2013-6635 : cloudfuzzer
CVE-2014-1269 : Apple
CVE-2014-1270 : Apple
CVE-2014-1289 : Apple
CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day
Initiative, Google Chrome