Security Alert | 3 Sep 17:18 2015

ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability

EMC Identifier: ESA-2015-144

CVE Identifier: CVE-2015-4544

Severity Rating: CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)

Affected products: 

• EMC Documentum Content Server prior to 7.0
• EMC Documentum Content Server 7.0
• EMC Documentum Content Server 7.1
• EMC Documentum Content Server 7.2

Summary:  

EMC Documentum Content Server includes a Privilege Escalation Vulnerability that could potentially be
exploited by malicious, regular users to perform certain actions as the superuser. 

Details:  

Unprivileged Content Server users may potentially escalate their privileges to become a superuser by
creating and performing malicious operations on dm_job objects. This is due to improper authorization
checks being performed on such objects and some of their attributes. The previous fix for CVE-2014-4626
was incomplete.

Vulnerability Lab | 3 Sep 15:05 2015

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

Document Title:
===============
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1591

Download: http://www.zhone.com/support/downloads/cpe/6218-I2/6218-I2_R030220_AnnexA.zip

Release Date:
=============
2015-09-03

Vulnerability Laboratory ID (VL-ID):
====================================
1591

Common Vulnerability Scoring System:
====================================
8.8

Product & Service Introduction:
===============================
At Zhone, Bandwidth Changes Everything™ is more than just a tag line. It is our focus, our fundamental
belief and philosophy in developing carrier and enterprise-grade fiber access solutions for our customers
ensuring bandwidth is never a constraint in the future!

(Copy of the Vendor Homepage: http://www.zhone.com/support/ )

hdau | 3 Sep 12:51 2015

Checkmarx CxQL Sandbox bypass (CVE-2014-8778)

Vendor: Checkmarx - www.checkmarx.com
Product: CxSuite
Version affected: 7.1.5 and prior

Credit: Huy-Ngoc DAU (@ngocdh) of Deloitte Conseil, France

================================
Introduction
================================
Checkmarx is a static source code analysis suite (https://www.checkmarx.com).

CxQL (Checkmarx Query Language) is a CSharp-based language defined by Checkmarx to query source code.
Calls to critical CSharp classes/functions are, however, not allowed for security reasons.

CxQL can be executed in two locations:
 - Remotely on the Checkmarx server if the analyzed source code is uploaded via the web interface,
 - Or locally in CxAudit (a thick client connected to the enterprise Checkmarx server), installed on an
   auditor's code review workstation.

We identified a possibility of bypass that would allow execution of arbitrary and unauthorized CSharp
code in those contexts, and thus compromise the security of the machine on which the code is executed,
either a Checkmarx server or an auditor's workstation. 

The following scenarios describe attacks where this bypass is possible:
 - An auditor (a specific user allowed to execute his own CxQL queries) having only access to the Citrix
   interface of CxAudit can take control of the workstation,
 - A Checkmarx administrator having only access to the Checkmarx web interface can take control of the
   Checkmarx enterprise server, and of CxAudit workstations, by injecting malicious code into default queries.

sven.freund | 3 Sep 09:36 2015

[SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key

Advisory ID: SYSS-2015-016
Product: Avaya one-X® Agent Release 2.5 SP2 Client Software 
Vendor: Avaya Inc.
Affected Version(s): 2.5.50022.0
Tested Version(s): 2.5.50022.0
Vulnerability Type: Cryptographic Issues (CWE-310) 
                    Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2015-03-06
Solution Date: 2015-04-22
Public Disclosure: 2015-08-05
CVE Reference: Not yet assigned
Author of Advisory: Sven Freund (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Avaya one-X® Agent is an integrated telephony softphone solution, which
provides many communication functionalities, for instance, seamless
connectivity to at-home agents, remote agents, out-sourced agents,
contact center agents, and agents interacting with clients with speech
and hearing impairments.

The vendor Avaya describes the product as follows (see [1]):

Avaya one-X® Agent is a desktop application built specifically to meet
the needs of contact center agents and supervisors. Avaya one-X Agent
gives contact center users the tools they need to be more productive,

Slackware Security Team | 2 Sep 21:40 2015

[slackware-security] bind (SSA:2015-245-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.7_P3-i486-1_slack14.1.txz:  Upgraded.
  This update fixes two denial-of-service vulnerabilities:
  + CVE-2015-5722 is a denial-of-service vector which can be
  exploited remotely against a BIND server that is performing
  validation on DNSSEC-signed records.  Validating recursive
  resolvers are at the greatest risk from this defect, but it has not
  been ruled out that it could be exploited against an
  authoritative-only nameserver under limited conditions.  Servers
  that are not performing validation are not vulnerable.  However,
  ISC does not recommend disabling validation as a workaround to
  this issue as it exposes the server to other types of attacks.
  Upgrading to the patched versions is the recommended solution.
  All versions of BIND since 9.0.0 are vulnerable to CVE-2015-5722.
  + CVE-2015-5986 is a denial-of-service vector which can be used
  against a BIND server that is performing recursion.  Validation
  is not required.  Recursive resolvers are at the greatest risk
  from this defect, but it has not been ruled out that it could
  be exploited against an authoritative-only nameserver under
  limited conditions.

Moritz Muehlenhoff | 2 Sep 23:47 2015

[SECURITY] [DSA 3350-1] bind9 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3350-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : bind9
CVE ID         : CVE-2015-5722

Hanno Boeck discovered that incorrect validation of DNSSEC-signed records
in the Bind DNS server could result in denial of service.

Updates for the oldstable distribution (wheezy) will be released shortly.

For the stable distribution (jessie), this problem has been fixed in
version 9.9.5.dfsg-9+deb8u3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

FreeBSD Security Advisory FreeBSD-SA-15:23.bind


=============================================================================
FreeBSD-SA-15:23.bind                                       Security Advisory
                                                          The FreeBSD Project

Topic:          BIND remote denial of service vulnerability

Category:       contrib
Module:         bind
Announced:      2015-09-02
Credits:        ISC
Affects:        FreeBSD 9.x
Corrected:      2015-09-02 20:06:46 UTC (stable/9, 9.3-STABLE)
                2015-09-02 20:07:03 UTC (releng/9.3, 9.3-RELEASE-p25)
CVE Name:       CVE-2015-5722

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.  The libdns
library is a library of DNS protocol support functions.

II.  Problem Description

Parsing a malformed DNSSEC key can cause a validating resolver to exit
due to a failed assertion in buffer.c.

Salvatore Bonaccorso | 2 Sep 18:22 2015

[SECURITY] [DSA 3348-1] qemu security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3348-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu
CVE ID         : CVE-2015-3214 CVE-2015-5154 CVE-2015-5165 CVE-2015-5225 
                 CVE-2015-5745
Debian Bug     : 793811 794610 795087 795461 796465

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-3214

    Matt Tait of Google's Project Zero security team discovered a flaw
    in the QEMU i8254 PIT emulation. A privileged guest user in a guest
    with QEMU PIT emulation enabled could potentially use this flaw to
    execute arbitrary code on the host with the privileges of the
    hosting QEMU process.

CVE-2015-5154

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the
    IDE subsystem in QEMU while processing certain ATAPI commands. A
    privileged guest user in a guest with the CDROM drive enabled could
    potentially use this flaw to execute arbitrary code on the host with
    the privileges of the hosting QEMU process.

Salvatore Bonaccorso | 2 Sep 18:22 2015

[SECURITY] [DSA 3349-1] qemu-kvm security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3349-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : qemu-kvm
CVE ID         : CVE-2015-5165 CVE-2015-5745

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-5165

    Donghai Zhu discovered that the QEMU model of the RTL8139 network
    card did not sufficiently validate inputs in the C+ mode offload
    emulation, allowing a malicious guest to read uninitialized memory
    from the QEMU process's heap.

CVE-2015-5745

    A buffer overflow vulnerability was discovered in the way QEMU
    handles the virtio-serial device. A malicious guest could use this
    flaw to mount a denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u9.

We recommend that you upgrade your qemu-kvm packages.


Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability

Advisory ID: cisco-sa-20150902-cimcs

Revision 1.0

For Public Release 2015 September 2 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======
Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director contain a remote file
overwrite vulnerability that could allow an unauthenticated, remote attacker to overwrite arbitrary
system files, resulting in system instability or a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

Sébastien Delafond | 2 Sep 16:14 2015

[SECURITY] [DSA 3347-1] pdns security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3347-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
September 02, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : pdns
CVE ID         : CVE-2015-5230

Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns,
an authoritative DNS server, was incorrectly processing some DNS
packets; this would enable a remote attacker to trigger a DoS by
sending specially crafted packets causing the server to crash. 

For the stable distribution (jessie), this problem has been fixed in
version 3.4.1-4+deb8u3.

For the testing distribution (stretch) and unstable distribution
(sid), this problem has been fixed in version 3.4.6-1.

We recommend that you upgrade your pdns packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
