[SECURITY] [DSA 2933-1] qemu-kvm security update
Debian Security Advisory DSA-2933-1                   secur...@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
May 19, 2014                           http://www.debian.org/security/faq

Package        : qemu-kvm
CVE ID         : CVE-2013-4344 CVE-2014-2894
Debian Bug     : 745157 725944

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

CVE-2013-4344

    Buffer overflow in the SCSI implementation in QEMU, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.

CVE-2014-2894

    Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

For the stable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u3.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
FTP Rush: missing X.509 validation (FTP with TLS)
Advisory ID: SYSS-2014-002
Product: FTP Rush
Vendor: Wing FTP Software
Affected Version(s): v2.1.8
Tested Version(s): v2.1.8 (Windows 7 32 bit and Windows 8.1 64 bit)
Vulnerability Type: X.509 validation
Risk Level: Medium
Solution Status:
Vendor Notification: 2014-04-04
Solution Date:
Public Disclosure: 2014-05-19
CVE Reference: Not assigned (but similar to CVE-2012-6606)
Author of Advisory: Micha Borrmann (SySS GmbH)

Overview:

FTP Rush does not validate X.509 certificates if FTP with TLS is used.

Vulnerability Details:

A user cannot recognize an easy-to-perform man-in-the-middle attack, because the client does not validate the X.509 certificate from the FTP server. In an untrusted networking environment (like a Wifi hotspot), the current FTP AUTH TLS connection with FTP Rush should be classified as not encrypted.

Proof of Concept (PoC):

not needed

Solution:

use another client for FTP with AUTH TLS

Disclosure Timeline:

April 3, 2014 - Vulnerability discovered
April 4, 2014 - Vulnerability reported to vendor
May 19, 2014 - Vulnerability disclosure, after a period of 45 days for a responsible disclosure

Credits:

Security vulnerability found by Micha Borrmann of the SySS GmbH.

Disclaimer:

The information provided in this security advisory is provided as is and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS web site (https://www.syss.de/aktuelles/advisories/advisory-ftp-rush/)

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
# Product: JavaMail
# Vendor: Oracle
# CSNC ID: CSNC-2014-001
# CVD ID: none
# Subject: SMTP Header Injection via method setSubject
# Risk: Medium
# Effect: Remotely exploitable
# Author: Alexandre Herzog alexandre.her...@csnc.ch
# Date: 19.05.2014
#

Introduction:
-------------
The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is available as an optional package for use with the Java SE platform and is also included in the Java EE platform.[1]

JavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content).

Affected:
---------
The following versions of JavaMail were tested and found vulnerable:
- 1.4.5 (included in the .war file used as demo from [2])
- 1.5.1 (latest version downloaded on 31.12.2013 from [3])

Technical Description
---------------------
The tests were performed using the .war file downloaded from [2]. That code features an example on how to send a file per email using JSP and a servlet. The relevant parts of this example are:

    [...]
    /**
     * A utility class for sending e-mail message with attachment.
     * @author www.codejava.net
     *
     */
    public class EmailUtility {

        /**
         * Sends an e-mail message from a SMTP host with a list of attached files.
         *
         */
        public static void sendEmailWithAttachment(String host, String port,
                final String userName, final String password, String toAddress,
                String subject, String message, List<File> attachedFiles)
                throws AddressException, MessagingException {
            // sets SMTP server properties
            Properties properties = new Properties();
            properties.put("mail.smtp.host", host);
            properties.put("mail.smtp.port", port);
            properties.put("mail.smtp.auth", "true");
            properties.put("mail.smtp.starttls.enable", "true");
            properties.put("mail.user", userName);
            properties.put("mail.password", password);

            // creates a new session with an authenticator
            Authenticator auth = new Authenticator() {
                public PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(userName, password);
                }
            };
            Session session = Session.getInstance(properties, auth);

            // creates a new e-mail message
            Message msg = new MimeMessage(session);

            msg.setFrom(new InternetAddress(userName));
            InternetAddress[] toAddresses = { new InternetAddress(toAddress) };
            msg.setRecipients(Message.RecipientType.TO, toAddresses);
            msg.setSubject(subject);    // <== call highlighted in the advisory
            msg.setSentDate(new Date());
    [...]

    [...]
    /**
     * A servlet that takes message details from user and send it as a new e-mail
     * through an SMTP server. The e-mail message may contain attachments which
     * are the files uploaded from client.
     *
     * @author www.codejava.net
     *
     */
    @WebServlet("/SendMailAttachServlet")
    // CSNC comment - this tag enables the processing of POST multipart requests
    @MultipartConfig(fileSizeThreshold = 1024 * 1024 * 2,   // 2MB
            maxFileSize = 1024 * 1024 * 10,                  // 10MB
            maxRequestSize = 1024 * 1024 * 50)               // 50MB
    public class SendMailAttachServlet extends HttpServlet {
        private String host;
        private String port;
        private String user;
        private String pass;

        public void init() {
            // reads SMTP server setting from web.xml file
            ServletContext context =
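A check of the kind the advisory calls for, placed in front of the msg.setSubject(subject) call shown above. This is an added example, not code from the advisory, from the codejava.net demo, or from JavaMail; the class and method names (SubjectHeaderGuard, requireSingleLine, renderHeaders), the address and the sample subjects are assumptions constructed for illustration, and only the JDK is needed to run it.

```java
/**
 * Added example (hypothetical names, not JavaMail API): refuse a user-supplied
 * subject that contains CR, LF or other control characters before it is
 * handed to Message.setSubject().
 */
public class SubjectHeaderGuard {

    /** Raised when a value would not fit on a single header line. */
    static class HeaderInjectionException extends IllegalArgumentException {
        HeaderInjectionException(String msg) { super(msg); }
    }

    /**
     * Returns the subject unchanged if it is usable as a single header value,
     * throws otherwise. Rejecting (rather than silently stripping) keeps the
     * attempt visible in application logs.
     */
    static String requireSingleLine(String subject) {
        if (subject == null) {
            throw new HeaderInjectionException("subject is null");
        }
        for (int i = 0; i < subject.length(); i++) {
            char c = subject.charAt(i);
            // CR and LF terminate a header line; the remaining C0 controls
            // (except TAB) and DEL have no place in a subject either.
            if (c == '\r' || c == '\n' || (c < 0x20 && c != '\t') || c == 0x7f) {
                throw new HeaderInjectionException(
                        String.format("control character U+%04X at index %d", (int) c, i));
            }
        }
        return subject;
    }

    /** Writes the header block the way an unchecked value would end up on the wire. */
    static String renderHeaders(String subject) {
        return "To: user@example.org\r\n" + "Subject: " + subject + "\r\n";
    }

    public static void main(String[] args) {
        // Constructed sample values for the "subject" form field.
        String[] samples = {
            "Quarterly report",
            "Hello\r\nX-Injected: 1",   // CRLF followed by a second header
            "Hello\nX-Injected: 1"      // bare LF
        };
        for (String s : samples) {
            try {
                String safe = requireSingleLine(s);
                // In the servlet, msg.setSubject(safe) would be called here.
                System.out.println("accepted: " + safe);
            } catch (HeaderInjectionException e) {
                // Count the header lines the unchecked value would have produced.
                int lines = renderHeaders(s).split("\r?\n").length;
                System.out.println("rejected (" + e.getMessage() + "): unchecked, the "
                        + "message would carry " + lines + " header lines instead of 2");
            }
        }
    }
}
```

The same check applies to any other request parameter that ends up in a mail header, such as the recipient or a display name.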
[security bulletin] HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04263236

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04263236
Version: 3

HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-04-25
Last Updated: 2014-05-19

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as Heartbleed which could be exploited remotely resulting in disclosure of information.

The HP SIM software itself is not vulnerable to CVE-2014-0160 (Heartbleed). However, the software components bundled with HP SIM are impacted and should be addressed if installed.

References: CVE-2014-0160, SSRT101527

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Systems Insight Manager 7.2, 7.2.1, 7.2.2, 7.3, and 7.3.1 bundled with the following software:

  HP Smart Update Manager (SUM) 6.0.0 through 6.3.0
  HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows
  WMI Mapper for HP Systems Insight Manager v7.2.1, v7.2.2, v7.3, and v7.3.1
  HP Version Control Agent (VCA) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for Windows
  HP Version Control Agent (VCA) v7.2.2, v7.3.0, and v7.3.1 for Linux
  HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for Windows

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has released the following software updates to resolve the vulnerability for HP Systems Insight Manager (SIM).

HP SIM 7.2 and HP SIM 7.3 Hotfix kits applicable to HP SIM 7.2.x and 7.3.x installations are available at the following location:

http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Note: Please read through the readme.txt file before proceeding with the installation.

HP has addressed this vulnerability for the impacted software components bundled with HP Systems Insight Manager (SIM) in the following HP Security Bulletins:

HP SIM Component: HP Smart Update Manager (SUM)
HP Security Bulletin: HPSBMU02997
Security Bulletin Location: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04239375

HP SIM Component: HP System Management Homepage (SMH)
HP Security Bulletin: HPSBMU02998
Security Bulletin Location: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04239372

HP SIM Component: WMI Mapper for HP Systems Insight Manager
HP Security Bulletin: HPSBMU03013
Security Bulletin Location: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04260385

HP SIM Component: HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) on Linux and Windows
HP Security Bulletin: HPSBMU03020
Security Bulletin Location: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04262472

Note: If customers believe that the HP SIM installation was compromised while it was running components vulnerable to Heartbleed then the following actions should be done after upgrading to the non-vulnerable components. This includes revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the Heartbleed vulnerability.

After installing SIM72_hotfix_2014_Apr_win.exe hotfix, HP Systems Management Homepage has to be manually upgraded if it is already installed on the CMS. HP SMH installer for 32-bit and 64-bit can be found in the CMS under the location SIM_INSTALL_DIR\smartcomponents. The installer filenames are cp023242.exe and cp023243.exe.

In case it is suspected that the infrastructure has been compromised, the user needs to create new HP SIM Server certificate and Single Sign-on (SSO) certificates. To create new server and SSO certificates, refer to the HP SIM 7.2 Command Line Interface guide which can be found at the URL below:

http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/index

Refer to the mxcert command section which has the details to create new server and SSO certificates.

Once the new server certificate is created, it will invalidate any trust relationship between CMS and any other system that depend on this certificate, such as browsers. The user must re-establish the trust between CMS and other system that uses this certificate, and revoke any previous SIM certificates from any device
[SECURITY] [DSA 2934-1] python-django security update
Debian Security Advisory DSA-2934-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
May 19, 2014                           http://www.debian.org/security/faq

Package        : python-django
CVE ID         : CVE-2014-0472 CVE-2014-0473 CVE-2014-0474 CVE-2014-1418 CVE-2014-3730

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0472

    Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() URL resolver function. An attacker able to request a specially crafted view from a Django application could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution.

CVE-2014-0473

    Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application.

CVE-2014-0474

    Michael Koziarski discovered that certain Django model field classes did not properly perform type conversion on their arguments, which allows remote attackers to obtain unexpected results.

CVE-2014-1418

    Michael Nelson, Natalia Bidart and James Westby discovered that cached data in Django could be served to a different session, or to a user with no session at all. An attacker may use this to retrieve private data or poison caches.

CVE-2014-3730

    Peter Kuma and Gavin Wahl discovered that Django incorrectly validated certain malformed URLs from user input. An attacker may use this to cause unexpected redirects.

For the oldstable distribution (squeeze), these problems have been fixed in version 1.2.3-3+squeeze10.

For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-1+deb7u7.

For the testing distribution (jessie), these problems have been fixed in version 1.6.5-1.

For the unstable distribution (sid), these problems have been fixed in version 1.6.5-1.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
t2'14: Call for Papers 2014 (Helsinki / Finland)
#
# t2'14 - Call For Papers (Helsinki, Finland) - October 23 - 24, 2014
#

Do you feel like Las Vegas is too hot, Berlin too bohème, Miami too humid, Singapore too clean and Pattaya just totally confusing? No worries! Helsinki will be the perfect match for you – guaranteed low temperature, high tech and just enough regulation to make everything appear to be under control. This is the country where indestructible mobile phone and Linux kernel were invented.

Helsinki, the capital of Finland, known for the Finnish design and casual-yet-almost-sophisticated drinking culture offers you the chance to familiarize yourself with the birth place of many popular PC, console and mobile games. The murder rate of only 2.2 per 100 000 people makes Finland one of the safest countries for delivering a presentation.

Do polar bears roam free in Helsinki? How do you go from being silent in three languages to having incoherent discussions in all of them? What does 176% mobile penetration look like? Come and see for yourself!

t2'14 is looking for technical infosec presentations with original content. Whether it’s your complicated relationship with the APT, embedded device exploitation, tactics and operational procedures in high stress / high risk operations, implementing or avoiding global surveillance, latest advances in offensive/defensive applications of computer science, the gospel of weird machine, breaking the Internet, reverse engineering milware or something totally different, we’d like to hear about it.

The advisory board will be reviewing submissions until 2014-07-04. First come, first served. No returns, no refunds.

Quick facts for speakers
+ presentation length 60-120 minutes, in English
+ complimentary travel and accommodation
+ decent speaker hospitality benefits
+ no marketing or product propaganda

A blast from the past:
https://www.google.com/search?q=site:t2.fi%20intitle:%22schedule%20for%22

How to submit
=============
Please include the following with your submission (incomplete submissions will not be accepted):

1. Contact information (email and cell phone)
2. Country and city of origin for your travel to the conference
3. Brief biography (including employer and/or affiliations)
4. Title of the presentation
5. Presentation abstract
6. Explanation why your submission is significant
7. If your presentation references a paper or piece of software that you have published, please provide us with either a copy of the said paper or software, or an URL where we can obtain it
8. List any other publications or conferences where this material has been or will be published/submitted

Please send the above information to cfp-2014 (at) lists.t2.fi

--
Tomi 'T' Tuominen | Founder @ t2 infosec conference | https://t2.fi
Construtiva CIS Manager CMS POST SQLi
TL;DR;
======
. PRODUCT : Construtiva CIS Manager
. TYPE    : SQLi http://site/autenticar/lembrarlogin.asp (POST email)
. CVE     : CVE-2014-3749

Software Description
====================
. The CIS Manager platform is a complete and powerful tool to manage sites and corporative portals on the Internet. The platform components bring autonomy to your company to manage the content (structure, texts, images, downloadable files, articles, news...) without the need of a developer. (...)

Release date
============
2014-05-16

Details
=======
. SQL injection using POST parameters:
  URL: http://site/autenticar/lembrarlogin.asp
  TYPE: error-based
  PARAM: email
  PAYLOAD: email=xxx' AND (...)

Disclosure Timeline
===================
2014-04-16: Vendor notification.
2014-04-26: No response. Vendor notification again.
2014-05-10: No response. Vendor notification again.
2014-05-16: Public disclosure.

Contact
=======
Thiago C.
edge () bitmessage.ch
[security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04278900
Version: 1

HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-05-19
Last Updated: 2014-05-19

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP IceWall MCRP and HP IceWall SSO. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS).

References: CVE-2014-2604, SSRT101515

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  HP IceWall SSO Version 10.0 Dfw
  HP IceWall MCRP Version 2.1 and 3.0

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-2604    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends that HP IceWall customers apply either of the following steps to mitigate the risk of this vulnerability:

1. Disabling POST filter function by commenting out POSTFILTER parameter lines in the HP IceWall SSO Dfw or HP IceWall MCRP configuration file.
2. If step 1 is not possible, install the HP IceWall iwfilter module (mod_iwfilter) on the servers running Apache utilized by HP IceWall SSO or HP IceWall MCRP.

Information to download the HP IceWall iwfilter module is available at the following location:

http://www.hp.com/jp/icewall_patchaccess

Please note that the HP IceWall product is only available in Japan.

HISTORY
Version:1 (rev.1) - 19 May 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.