FreeBSD Security Advisories | 21 Oct 23:12 2014

FreeBSD Security Advisory FreeBSD-SA-14:23.openssl


=============================================================================
FreeBSD-SA-14:23.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL multiple vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2014-10-21
Affects:        All supported versions of FreeBSD.
Corrected:      2014-10-15 19:59:43 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC3)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 19:00:32 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-15 20:28:31 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
                2014-10-15 20:28:31 UTC (stable/8, 8.4-STABLE)
                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
CVE Name:       CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD Security Advisories | 21 Oct 23:12 2014

FreeBSD Security Advisory FreeBSD-SA-14:21.routed


=============================================================================
FreeBSD-SA-14:21.routed                                     Security Advisory
                                                          The FreeBSD Project

Topic:          routed(8) remote denial of service vulnerability

Category:       core
Module:         routed
Announced:      2014-10-21
Credits:        Hiroki Sato
Affects:        All supported versions of FreeBSD.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
                2014-10-21 20:20:26 UTC (stable/8, 8.4-STABLE)
                2014-10-21 20:21:27 UTC (releng/8.4, 8.4-RELEASE-p17)
CVE Name:       CVE-2014-3955

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

FreeBSD Security Advisories | 21 Oct 23:12 2014

FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold


=============================================================================
FreeBSD-SA-14:20.rtsold                                     Security Advisory
                                                          The FreeBSD Project

Topic:          rtsold(8) remote buffer overflow vulnerability

Category:       core
Module:         rtsold
Announced:      2014-10-21
Credits:        Florian Obser, Hiroki Sato
Affects:        FreeBSD 9.1 and later.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
CVE Name:       CVE-2014-3954

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

As part of the stateless address autoconfiguration (SLAAC) mechanism,

FreeBSD Security Advisories | 21 Oct 23:12 2014

FreeBSD Security Advisory FreeBSD-SA-14:22.namei


=============================================================================
FreeBSD-SA-14:22.namei                                      Security Advisory
                                                          The FreeBSD Project

Topic:          memory leak in sandboxed namei lookup

Category:       core
Module:         kernel
Announced:      2014-10-21
Credits:        Mateusz Guzik
Affects:        FreeBSD 9.1 and later.
Corrected:      2014-10-21 20:20:07 UTC (stable/10, 10.1-PRERELEASE)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC2-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-RC1-p1)
                2014-10-21 20:20:36 UTC (releng/10.1, 10.1-BETA3-p1)
                2014-10-21 20:21:10 UTC (releng/10.0, 10.0-RELEASE-p10)
                2014-10-21 20:20:17 UTC (stable/9, 9.3-STABLE)
                2014-10-21 20:21:10 UTC (releng/9.3, 9.3-RELEASE-p3)
                2014-10-21 20:21:10 UTC (releng/9.2, 9.2-RELEASE-p13)
                2014-10-21 20:21:10 UTC (releng/9.1, 9.1-RELEASE-p20)
CVE Name:       CVE-2014-3711

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The namei kernel facility is responsible for performing and caching

icete.secretariat | 21 Oct 17:19 2014

CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015

Conference name: 
The 12th International Joint Conference on e-business and Telecommunications – ICETE 2015

Venue:
Colmar, Alsace, France

Event date:
20 – 22 July, 2015

Regular Papers

Paper Submission: March 3, 2015 
Authors Notification: April 28, 2015 
Camera Ready and Registration: May 12, 2015 

Position Papers

Paper Submission: April 15, 2015 
Authors Notification: May 19, 2015 
Camera Ready and Registration: June 1, 2015

Workshops
Workshop Proposal: February 17, 2015

Special Sessions
Special Session Proposal: February 27, 2015

Tutorials, Demos, Panels
March 23, 2015


Vulnerability Lab | 21 Oct 14:42 2014

FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

Document Title:
===============
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342

Release Date:
=============
2014-10-15

Vulnerability Laboratory ID (VL-ID):
====================================
1342

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:
===============================
FileBug is a file manager and document viewer for iPhone and iPod touch. You can store and view your
documents, transferring them easily from Mac or PC, reading them anywhere and share with friends.
FileBug is so easy to use. It can catch documents from many sources, computer, web sites, email
attachments, Dropbox…etc. It provides high quality view and excellent support for PDF. All files are
saved to your device locally and they can be protected through password.

Vulnerability Lab | 21 Oct 14:39 2014

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

Document Title:
===============
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1341

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:
===============================
Store and view your documents, transferring them easily from any Mac or PC. High quality viewers,
including support for PDF, Office, iWork & images. Full integration with Box, Dropbox, Google Drive &
OneDrive [Pro feature]. Play music; watch movies; access your cloud storage or download from the internet.

(Copy of the Vendor Homepage:
https://itunes.apple.com/us/app/files-document-pdf-reader/id294150896 )

Larry W. Cashdollar | 21 Oct 14:38 2014

Vulnerabilities in WordPress Database Manager v2.7.1

Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID: 113508,113507,113509

Description: "Allows you to optimize database, repair database, backup database, restore database,
delete backup database , drop/empty tables and run selected queries. Supports automatic scheduling of
backing up, optimizing and repairing of database."

Vulnerability: Plugin suffers from command injection, exposes MySQL database credentials to the
process table and allows the user to download system files via the ‘Run SQL Query’ feature. User
authentication with current_user_can('manage_database') privileges is required. The full
advisory has screen shots for illustration.

PoC

Command Injection

The command that is sent through passthru() is the following:

/usr/bin/mysqldump --force --host="localhost" --user="root" --password="passwordhere" 
--default-character-set="utf8" --add-drop-table --skip-lock-tables wordpress > /usr/share/wordpress/wp-content/backup-db\';rce;\'/1413225588_-_wordpress.sql

rce is just a homebrew .c binary I wrote for testing command injections it creates a file

security | 21 Oct 10:56 2014

[ MDVSA-2014:201 ] kernel


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:201
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in the Linux
 kernel:

 The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel
 before 3.14.3 does not properly consider which pages must be locked,
 which allows local users to cause a denial of service (system crash) by
 triggering a memory-usage pattern that requires removal of page-table
 mappings (CVE-2014-3122).

 Multiple stack-based buffer overflows in the magicmouse_raw_event
 function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver
 in the Linux kernel through 3.16.3 allow physically proximate attackers
 to cause a denial of service (system crash) or possibly execute
 arbitrary code via a crafted device that provides a large amount of
 (1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181).


security | 21 Oct 10:40 2014

[ MDVSA-2014:200 ] bugzilla


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:200
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bugzilla
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bugzilla packages fix security vulnerabilities:

 If a new comment was marked private to the insider group, and a flag
 was set in the same transaction, the comment would be visible to flag
 recipients even if they were not in the insider group (CVE-2014-1571).

 An attacker creating a new Bugzilla account can override certain
 parameters when finalizing the account creation that can lead to the
 user being created with a different email address than originally
 requested. The overridden login name could be automatically added to
 groups based on the group's regular expression setting (CVE-2014-1572).

 During an audit of the Bugzilla code base, several places were found
 where cross-site scripting exploits could occur which could allow an
 attacker to access sensitive information (CVE-2014-1573).
 _______________________________________________________________________

security | 21 Oct 10:33 2014

[ MDVSA-2014:199 ] perl


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:199
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated perl and perl-Data-Dumper packages fix a security
 vulnerability:

 The Dumper method in Data::Dumper before 2.154, allows
 context-dependent attackers to cause a denial of service (stack
 consumption and crash) via an Array-Reference with many nested
 Array-References, which triggers a large number of recursive calls
 to the DD_dump function (CVE-2014-4330).

 The Data::Dumper module bundled with perl and the perl-Data-Dumper
 packages has been updated to fix this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330

