[SECURITY] [DSA 4464-1] thunderbird security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4464-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2019 https://www.debian.org/security/faq - - Package: thunderbird CVE ID : CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For the stable distribution (stretch), these problems have been fixed in version 1:60.7.1-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0FXTkACgkQEMKTtsN8 TjbLAA//X49+xFMe5B5OY85i8jIPtd1oI8NtQAka10xPwD4fy2q0neHYp2pD9GuL gFNxYllyNwTAg1StjHYqyXq8yu+lBMWoLJA7Y3EhT1vHKuKjzacd+tbJWEDrq4rr cpFIu7rvg3R848hiL82tZZWLdm2Y1CJCFq/UrClxwF7VswoHKmsxNnOw8d5tgNqQ dRZfxRhXVLog310zOA5vOMO7DkG0CIxfOk/7IgQ7IXiC9WnPuvjGg0U6y+8wskVP pdoexcgdb6dvIhENrtrcDMxrS/HI48n2uEYv4W1f0S32/peQ/cnVpyMretKk4aR1 P7s70IiEcoNuxb4JgD+gC57AkXr/jz4m0liqoli/G2u8DjJtVSEbXgI2tIWXOzsf SCi673AlfK2mQY6ME53fNcY/Kl2fxsb1nywgDE5/zWJXcEpvBO0nNeP8akepJun7 /Y4QvI/0V9fB+8RYDhySdX3T5UmhwWRkRrKTR1FhYzweg9J8oJ2auk2Ltnn2fHFD qMV3s4dYm2PBbxoaPtmfOr7ZtcgrkGDFLCaFgPPCE5WMHfiI0awaAA9KQWRKzmtQ HSEgulcFYmNMx9lzqTA4SJBxMjGcJaKaYVs+5+TLNpHI6np5quc96SVAGArMf9mn eTNvqZxSOVWJ9cb17kXN3GHjueVXzvCs2nd4aoY0uE14W/185wE= =5ltk -END PGP SIGNATURE-
Microsoft Word (2016) Deceptive File Reference ZDI-CAN-7949
[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WORD-DECEPTIVE-FILE-REFERENCE.txt [+] ISR: ApparitionSec [+] Zero Day Initiative Program [Vendor] www.microsoft.com [Product] Microsoft Word 2016 [Vulnerability Type] Deceptive File Reference [References] ZDI-CAN-7949 [Security Issue] When a MS Word ".docx" File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is supressed it makes the file seem harmless and the file can be masked to appear as just a folder etc. This can potentially trick user into running unexpected code, but will only work when you have an additional file of same name with NO extension on it. [Exploit/POC] 1) Create a directory "PoC" 2) Create a folder in PoC directory named "Downloads Folder" 3) Create a .BAT file named "Downloads Folder.bat" in the .BAT create some command like "start calc.exe" 4) Create an empty file named "Downloads Folder" with no file extension 5) Create the Word ".docx" file with a hyperlink pointing to "PoC/Downloads Folder/Downloads Folder" Upon opening the link Word will give user an vague dialog box about asking if they want to open the file. However, the prompt shows an apparent folder structure and no file extension .exe, .com etc are visible or displayed to the end user. Click the link to open what looks to be a folder then BOOM! the .BAT file runs instead. Of course any exeuctable will do .EXE etc. [Network Access] Local [Severity] High [POC Video URL] https://www.youtube.com/watch?v=irxkV_qGG9Y [Disclosure Timeline] Notification: Trend Micro Zero Day Initiative Program : 2019-01-25 Case officially contracted to ZDI : 2019-02-06 Vendor Disclosure : 2019-02-15 submitted to the vendor as ZDI-CAN-7949. ZDI Response : "We have synced with the vendor and they have resolved that this case does not meet the bar for security servicing. Therefore we will proceed to close it on our end." 2019-06-14 : Public Disclosure [+] Disclaimer The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c). hyp3rlinx
[SECURITY] [DSA 4463-1] znc security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4463-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2019 https://www.debian.org/security/faq - - Package: znc CVE ID : CVE-2019-9917 CVE-2019-12816 Debian Bug : 925285 Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917). For the stable distribution (stretch), these problems have been fixed in version 1.6.5-1+deb9u2. We recommend that you upgrade your znc packages. For the detailed security status of znc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/znc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0D/QRfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R6Zg/+OBjUj1ewPAO8liP4P+MyrfQRI/iy0qCF+Daet5EPevDnJSt6ogDrTFOR 3b6oLlGw7aGnXswhb1WA3QM+onZ81RnLFgZgclb5hcB6le0P/zohtrH68Jn/FpD4 blcUNlAp6eglKQ4gtPgbl3eoJeeNNIoNPCw37cIIvKL0WuG5py1iMom9AnY/Slui 5UjuLFkSYp6lE/2MDjMtjeEcpAVQDQi2+TVimkamoAABSduFDl8nHqOPruzO6HQK lAK81VZP5wyW6A4A3+i81L25zkW/Ooh3TTpbErBdYW4zabdzh6bIuYXmpf8/65/Y r7FgzuvSqRy4JMEVHt86nIZCKJA9nwm+29kGkBjytWMhQzSokVWCSecjJD7fZjdq QlilNcGx/J8wtU4H1xFpQ/SlvmIC4u/SJ7Fppi6BfxSfCKg9ch/FpXPaZmU+IE4u YgGmKug6ngbzvTLBWjb2jkvn2mSBs2OTFfpOMnuYRxz5+YkvvIJYnvDcXWDytxP1 rr9jjbZ/hdSn2pW5DjmADVj5WjTNsnmpLgGMmH5/Uk8PZ2mx4RzGeBP0m+cKhM1n YG52mOqGc04eca2hKPQ2Dxm2bB63TVshXb0kWZfd75M2gvvVi9gdZWsQdeJ52NG1 sAfYvYwLIzV/J0SUkBqurS3WW6MgPVnd2PP22FBF/UsSjTCVH4w= =3yut -END PGP SIGNATURE-
[SE-2019-01] Java Card vulnerabilities (post shutdown release)
Hello All, Original reports that were submitted to Oracle and Gemalto have been posted to Security Explorations website: http://www.security-explorations.com/javacard_details.html This should help all interested parties to proceed with an independent evaluation of the issues, but also judge Oracle and Gemalto stance with respect to them. Thank you. Best Regards, adam gowdiak