Web Egg Hunting Game - Hacky Easter

2014-03-26 Thread Ivan Buetler
I would like to make you aware of a web-based egg hunting game - HACKY
EASTER 2014 HAS STARTED!

The game comes with three components
1) web app
2) iOS app
3) Android app

24 easter eggs are waiting for you. In order to find them, you'll need to
solve hacking challenges.
The easter eggs contain a QR code - scanning it with the Hacky Easter app
will submit your solution to the server, and increase your score.

Visit the challenge web site for information on how everything works.

-- http://hackyeaster.hacking-lab.com   --


In a nutshell, you'll need to:
 1. Sign up for the event on hacking-lab.com.
- https://www.hacking-lab.com/events/registerform.html?eventid=602&uk=

 2. Download the Hacky Easter app from the app store (iOS and android).
(Simply search the store, or check the hacking-lab event description).

 3. Register the app, by entering email and password of your hacking-lab
account.
(within the hacky easter app)

 4. Visit the challenge web site, and start your quest.
Once registered in HL, click this URL:
https://www.hacking-lab.com/cases/8889-hacky-easter-adventure/8889-hacky-easter-adventure-wargame.html?event=602&case=1047

Have fun and enjoy

Ivan Buetler




[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access

2014-03-26 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04126368

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04126368
Version: 1

HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-03-25
Last Updated: 2014-03-25

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP
StoreOnce appliances. This vulnerability could be exploited to allow remote
unauthorized access to the appliance.

References: CVE-2013-6211 (SSRT101429)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Impacted HP StoreOnce Products                  Impacted version

HP StoreOnce Virtual Storage Appliance (VSA)    v3.7.1
HP StoreOnce 2610 iSCSI Backup System           v3.6.5
BB852A HP StoreOnce 2620 iSCSI Backup System    v3.6.5
BB853A HP StoreOnce 4210 iSCSI Backup System    v3.6.5
BB854A HP StoreOnce 4210 FC Backup System       v3.6.5
BB855A HP StoreOnce 4220 Backup System          v3.6.5
BB856A HP StoreOnce 4420 Backup System          v3.6.5
BB857A HP StoreOnce 4430 Backup System          v3.6.5

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference       Base Vector                    Base Score
  CVE-2013-6211   (AV:N/AC:M/Au:N/C:P/I:N/A:C)   7.8
===
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Joshua Small of Technion for reporting
CVE-2013-6211 to security-al...@hp.com

RESOLUTION

HP has made the following updates available for this issue

Impacted HP StoreOnce Products                  Resolution

HP StoreOnce Virtual Storage Appliance (VSA)    v3.7.2
HP StoreOnce 2610 iSCSI Backup System           v3.9.0
BB852A HP StoreOnce 2620 iSCSI Backup System    v3.9.0
BB853A HP StoreOnce 4210 iSCSI Backup System    v3.9.0
BB854A HP StoreOnce 4210 FC Backup System       v3.9.0
BB855A HP StoreOnce 4220 Backup System          v3.9.0
BB856A HP StoreOnce 4420 Backup System          v3.9.0
BB857A HP StoreOnce 4430 Backup System          v3.9.0

HISTORY
Version:1 (rev.1) - 25 March 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.



VUPEN Security Research - Google Chrome Clipboard::WriteData() Function Sandbox Escape (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome Clipboard Format Processing
Sandbox Escape (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses the WebKit fork Blink. As of 2013,
StatCounter estimates that Google Chrome has a 39% worldwide usage
share of web browsers (Wikipedia).


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Google Chrome.

The vulnerability is caused by an input validation error within the
Clipboard::WriteData() function that does not restrict the value of
the format parameter, which could be exploited to escape Chrome's
sandbox and achieve code execution with Medium integrity level.


III. AFFECTED PRODUCTS
---

Google Chrome versions prior to 33.0.1750.154


IV. SOLUTION


Upgrade to Chrome version 33.0.1750.154.


V. CREDIT
--

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
--

http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html


VIII. DISCLOSURE TIMELINE
-

2013-12-19 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Google/ZDI During Pwn2Own 2014
2014-03-14 - Vulnerability Fixed by Google
2014-03-26 - Public disclosure



VUPEN Security Research - Google Chrome Blink locationAttributeSetter Use-after-free (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome Blink locationAttributeSetter
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses the WebKit fork Blink. As of 2013,
StatCounter estimates that Google Chrome has a 39% worldwide usage
share of web browsers (Wikipedia).


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Google Chrome.

The vulnerability is caused by a use-after-free error within the
DocumentV8Internal::locationAttributeSetter() function when processing
document.location objects under certain conditions, which could be
exploited to leak arbitrary memory and/or achieve code execution via a
specially crafted web page.


III. AFFECTED PRODUCTS
---

Google Chrome versions prior to 33.0.1750.154


IV. SOLUTION


Upgrade to Chrome version 33.0.1750.154.


V. CREDIT
--

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
--

http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html


VIII. DISCLOSURE TIMELINE
-

2014-01-26 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Google/ZDI During Pwn2Own 2014
2014-03-14 - Vulnerability Fixed by Google
2014-03-26 - Public disclosure



VUPEN Security Research - Mozilla Firefox BumpChunk Object Processing Use-after-free (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox BumpChunk Object Processing
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open-source web browser developed for
Windows, OS X, and Linux, with a mobile version for Android, by the
Mozilla Foundation and its subsidiary, the Mozilla Corporation.
As of February 2014, Firefox has between 12% and 22% of worldwide
usage, according to different sources. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error in the JS engine
when processing BumpChunk objects while the browser is under memory
pressure, which could be exploited to leak arbitrary memory and/or
achieve code execution via a malicious web page.


III. AFFECTED PRODUCTS
---

Mozilla Firefox versions prior to 28
Mozilla Firefox ESR versions prior to 24.4
Mozilla Thunderbird versions prior to 24.4
Mozilla Seamonkey versions prior to 2.25


IV. SOLUTION


Upgrade to Firefox v28, Firefox ESR v24.4, Thunderbird v24.4 and
Seamonkey v2.25.


V. CREDIT
--

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
--

https://www.mozilla.org/security/announce/2014/mfsa2014-30.html


VIII. DISCLOSURE TIMELINE
-

2014-01-19 - Vulnerability Discovered by VUPEN Security
2014-03-12 - Vulnerability Reported to Mozilla/ZDI During Pwn2Own 2014
2014-03-18 - Vulnerability Fixed by Mozilla
2014-03-26 - Public disclosure



ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability

2014-03-26 Thread Security Alert

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability


EMC Identifier: ESA-2014-015
CVE Identifier: CVE-2014-0623
Severity Rating: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
 
Affected Products:
RSA Authentication Manager (AM) 7.1 all platforms, including Appliance 3.0
 
Unaffected Products:
RSA AM 6.1, 8.0, and 8.1
 
Summary: 
RSA AM 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability 
that may potentially be exploited by malicious users to compromise an affected 
system.
 
Details: 
RSA AM 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability on 
the Self-Service Console. This vulnerability may allow an unauthenticated 
malicious user potentially to misuse frames and steal sensitive information 
from legitimate users of the application.
 
Recommendation:
RSA strongly recommends that customers apply Patch 32 for RSA AM 7.1 SP4 at the 
earliest opportunity.
 
Credits:
EMC would like to thank Dave Morgan for reporting this issue.
 

Obtaining Downloads:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at 
https://knowledge.rsasecurity.com and click Products in the top navigation 
menu. Select the specific product whose download you want to obtain. Scroll to 
the section for the product download that you want and click on the link.

Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at 
https://knowledge.rsasecurity.com and click Products in the top navigation 
menu. Select the specific product whose documentation you want to obtain. 
Scroll to the section for the product version that you want and click the set 
link.

Severity Rating:
For an explanation of Severity Ratings, refer to the Knowledge Base Article, 
“Security Advisories Severity Rating” at 
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA 
recommends all customers take into account both the base score and any relevant 
temporal and environmental scores which may impact the potential severity 
associated with particular security vulnerability.

Obtaining More Information:
For more information about RSA products, visit the RSA web site at 
http://www.rsa.com.

Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA 
Customer Support center with any additional questions regarding this RSA 
SecurCare Note. For contact telephone numbers or e-mail addresses, log on to 
RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & 
Contact, and then click the Contact Us - Phone tab or the Contact Us - Email 
tab.

General Customer Support Information:
http://www.emc.com/support/rsa/index.htm

RSA SecurCare Online:
https://knowledge.rsasecurity.com

EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major 
versions. Please refer to the link below for additional details. 
http://www.emc.com/support/rsa/eops/index.htm

SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in 
order to bring to the attention of users of the affected RSA products important 
security information. RSA recommends that all users determine the applicability 
of this information to their individual situations and take appropriate action. 
The information set forth herein is provided as is without warranty of any 
kind. RSA disclaim all warranties, either express or implied, including the 
warranties of merchantability, fitness for a particular purpose, title and 
non-infringement. In no event shall RSA or its suppliers be liable for any 
damages whatsoever including direct, indirect, incidental, consequential, loss 
of business profits or special damages, even if RSA or its suppliers have been 
advised of the possibility of such damages. Some states do not allow the 
exclusion or limitation of liability for consequential or incidental damages so 
the foregoing limitation may not apply.

About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA 
sends you based on the RSA product family you currently use. If you’d like to 
stop receiving RSA SecurCare Notes & Security Advisories, or if you’d like to 
change which RSA product family Notes & Security Advisories you currently 
receive, log on to RSA SecurCare Online at 
https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the 
instructions on the page, remove the check mark next to the RSA product family 
whose Notes & Security Advisories you no longer want to receive. Click the 
Submit button to save your selection.

Sincerely,
RSA Customer Support


Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-RSP72010GE

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 
Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow 
an unauthenticated, remote attacker to cause the route processor to reboot or 
stop forwarding traffic. The vulnerability is due to an issue in the Kailash 
field-programmable gate array (FPGA) versions prior to 2.6.

Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-RSP72010GE

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html



Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-sip

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Session Initiation Protocol (SIP) implementation in 
Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, 
remote attacker to cause a reload of an affected device. To exploit this 
vulnerability, affected devices must be configured to process SIP messages. 
Limited Cisco IOS Software and Cisco IOS XE Software releases are affected.

Cisco has released free software updates that address this vulnerability. 

There are no workarounds for devices that must run SIP; however, mitigations 
are available to limit exposure to this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html


Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service 
Vulnerability

Advisory ID: cisco-sa-20140326-ikev2

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco 
IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote 
attacker to cause a reload of the affected device that would lead to a denial 
of service (DoS) condition.

The vulnerability is due to how an affected device processes certain malformed 
IKEv2 packets. An attacker could exploit this vulnerability by sending 
malformed IKEv2 packets to an affected device to be processed. An exploit could 
allow the attacker to cause a reload of the affected device that would lead to 
a DoS condition.

Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE 
Software devices when the Internet Security Association and Key Management 
Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by 
sending a malformed IKEv2 packet.

Only IKEv2 packets can trigger this vulnerability.

Cisco has released free software updates that address this vulnerability.
There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html


Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software Network Address Translation Vulnerabilities

Advisory ID: cisco-sa-20140326-nat

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary

The Cisco IOS Software implementation of the Network Address Translation (NAT) 
feature contains two vulnerabilities when translating IP packets that could 
allow an unauthenticated, remote attacker to cause a denial of service 
condition.

Cisco has released free software updates that address these vulnerabilities.
There are no workarounds to mitigate these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html



Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software SSL VPN Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ios-sslvpn

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS 
Software could allow an unauthenticated, remote attacker to cause a denial of 
service (DoS) condition.

The vulnerability is due to a failure to process certain types of HTTP 
requests. To exploit the vulnerability, an attacker could submit crafted 
requests designed to consume memory to an affected device. An exploit could 
allow the attacker to consume and fragment memory on the affected device. This 
may cause reduced performance, a failure of certain processes, or a restart of 
the affected device.

Cisco has released free software updates that address this vulnerability.
There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html


Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability

2014-03-26 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ipv6

Revision 1.0

For Public Release 2014 March 26 16:00  UTC (GMT)

Summary
===

A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack 
in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, 
remote attacker to cause I/O memory depletion on an affected device that has 
IPv6 enabled. The vulnerability is triggered when an affected device processes 
a malformed IPv6 packet.

Cisco has released free software updates that address this vulnerability.
There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled 
publication includes six Cisco Security Advisories. All advisories address 
vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security 
Advisory lists the Cisco IOS Software releases that correct the vulnerability 
or vulnerabilities detailed in the advisory as well as the Cisco IOS Software 
releases that correct all Cisco IOS Software vulnerabilities in the March 2014 
bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS 
Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html


Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)

2014-03-26 Thread Roee Hay
Hi,

We have recently discovered a series of vulnerabilities in Firefox for Android
that allow a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in that directory, breaking Android's
sandbox:

1. (CVE-2014-1516) Profile Directory Name Weak Randomization.
2. (CVE-2014-1484) Profile Directory Name Leaks to Android System Log.
3. (CVE-2014-1515) Automatic File Download to SD Card.
4. (CVE-2014-1506) Crash Reporter File Manipulation.

The full analysis with exploitation techniques can be found in our whitepaper.

Important links:

1. Blog post: http://bit.ly/1drYsZp
2. Whitepaper: http://slidesha.re/1gqiyD3


-Roee


[SECURITY] [DSA 2884-1] libyaml security update

2014-03-26 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

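-------------------------------------------------------------------------
Debian Security Advisory DSA-2884-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 26, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------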

Package: libyaml
CVE ID : CVE-2014-2525
Debian Bug : 742732

Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML
document that, when parsed by an application using libyaml, would cause
the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.1.3-1+deb6u4.

For the stable distribution (wheezy), this problem has been fixed in
version 0.1.4-2+deb7u4.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libyaml packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update

2014-03-26 Thread Salvatore Bonaccorso

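-------------------------------------------------------------------------
Debian Security Advisory DSA-2885-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 26, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------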

Package: libyaml-libyaml-perl
CVE ID : CVE-2014-2525

Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML
document that, when parsed by an application using libyaml, would cause
the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application.

This update corrects this flaw in the copy that is embedded in the
libyaml-libyaml-perl package.

For the oldstable distribution (squeeze), this problem has been fixed in
version 0.33-1+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 0.38-3+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 0.41-5.

We recommend that you upgrade your libyaml-libyaml-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 2886-1] libxalan2-java security update

2014-03-26 Thread Florian Weimer

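-------------------------------------------------------------------------
Debian Security Advisory DSA-2886-1                   secur...@debian.org
http://www.debian.org/security/                            Florian Weimer
March 26, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------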

Package: libxalan2-java
CVE ID : CVE-2014-0107
Debian Bug : 742577

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,
a Java library for XSLT processing.  Crafted XSLT programs could
access system properties or load arbitrary classes, resulting in
information disclosure and, potentially, arbitrary code execution.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.7.1-5+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 2.7.1-7+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.1-9.

We recommend that you upgrade your libxalan2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org