Vulnerability Lab | 28 Jul 10:30 2014

Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability

Document Title:
===============
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1118

Barracuda Networks Security ID (BNSEC):  BNSEC-1052
https://www.barracuda.com/support/knowledgebase/501600000013lYI

Solution #00006606
BNSEC-01052: Non-persistent XSS in Barracuda Spam and Virus Firewall v5.1.3

Release Date:
=============
2014-07-25

Vulnerability Laboratory ID (VL-ID):
====================================
1118

Common Vulnerability Scoring System:
====================================
2.9

Product & Service Introduction:
===============================
For efficient, effective corporate communication and collaboration, today’s organizations need
more than just 

Salvatore Bonaccorso | 27 Jul 19:53 2014

[SECURITY] [DSA 2991-1] modsecurity-apache security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2991-1                   security <at> debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
July 27, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : modsecurity-apache
CVE ID         : CVE-2013-5705

Martin Holst Swende discovered a flaw in the way chunked requests are
handled in ModSecurity, an Apache module whose purpose is to tighten the
Web application security. A remote attacker could use this flaw to
bypass intended mod_security restrictions by using chunked transfer
coding with a capitalized Chunked value in the Transfer-Encoding HTTP
header, allowing to send requests containing content that should have
been removed by mod_security.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6.6-6+deb7u2.

For the testing distribution (jessie), this problem has been fixed in
version 2.7.7-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.7-1.

We recommend that you upgrade your modsecurity-apache packages.

Further information about Debian Security Advisories, how to apply

Salvatore Bonaccorso | 27 Jul 16:18 2014

[SECURITY] [DSA 2990-1] cups security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2990-1                   security <at> debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
July 27, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cups
CVE ID         : CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031

It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 1.5.3-5+deb7u4.

For the unstable distribution (sid), these problems have been fixed in
version 1.7.4-2.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

security-alert | 25 Jul 22:54 2014

[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03993467

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03993467
Version: 1

HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-07-25
Last Updated: 2014-07-25

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP and H3C VPN
Firewall Module Products. The vulnerability could be remotely exploited
resulting in a Denial of Service (DoS).

References: CVE-2013-4840 (SSRT101341)


Ralf Senderek | 25 Jul 20:49 2014

Web Encryption Extension security update


Revision:         1.0
Last Updated:     25 July 2014
First Published:  25 July 2014

Summary:
         A security issue was found in the Web Encryption Extension.

         Authenticated users are able to modify the content of https request
         fields to insert code into the pipeline mechanism of PHP.

Severity:         High

Affected Software Versions:

         All versions of the Web Encryption Extension prior to version 3.0

Impact:

         Authenticated users of the Web Encryption Extension are able to
         inject code into user provided input, that will be executed with
         web server permissions.

Fixes:

         The vulnerability has been fixed in WEE version 3.0, upgrades to
         this version must replace all active instances of WEE.

         The following downloads are available:


joseph.giron13 | 25 Jul 06:31 2014

Easy file sharing web server - persist XSS in forum msgs

I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here: http://www.securityfocus.com/bid/19243
At first there were no additional details provided and I hunted up and down before finding it after some
fuzzing (stack smash in password).

While on the hunt, I found one not listed.

Easy file sharing web server - XSS in forum messages. 

It's persistent XSS. Don't see that much these days. The BB code (which looks suspiciously like it was lifted
from PHPBB) fails to filter JavaScript and other HTML attributes from the posts.

Example exploit in test message:
[IMG]testing123" onmouseover="alert('10000')">[/IMG]

Peeking inside with IDA, we see why:
.data:0055D61C ; char aImgSrcSBorde_0[]
.data:0055D61C aImgSrcSBorde_0 db '<img src=%s border=0>',0 ; DATA XREF: sub_41B930+49F
.data:0055D61C                                         ; sub_41FC10+6B2 ...
Following the subroutine, there's no real formatting or escaping done. I mean the forum posting does
attempt some form of filtering, but it's bypassed easily.

Stefan Fritsch | 25 Jul 00:19 2014

[SECURITY] [DSA 2989-1] apache2 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2989-1                   security <at> debian.org
http://www.debian.org/security/                            Stefan Fritsch
July 24, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2014-0118 CVE-2014-0226 CVE-2014-0231

Several security issues were found in the Apache HTTP server.

CVE-2014-0118

    The DEFLATE input filter (inflates request bodies) in mod_deflate
    allows remote attackers to cause a denial of service (resource
    consumption) via crafted request data that decompresses to a much
    larger size.

CVE-2014-0226

    A race condition was found in mod_status. An attacker able to
    access a public server status page on a server could send carefully
    crafted requests which could lead to a heap buffer overflow,
    causing denial of service, disclosure of sensitive information, or
    potentially the execution of arbitrary code.

CVE-2014-0231

    A flaw was found in mod_cgid. If a server using mod_cgid hosted

dkl | 24 Jul 23:20 2014

Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14

Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* An attacker can get access to some bug information using
  the victim's credentials using a specially crafted HTML page.

All affected installations are encouraged to upgrade as soon as
possible.

Vulnerability Details
=====================

Class:       Cross Site Request Forgery
Versions:    3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, 4.5.1 to 4.5.4
Fixed In:    4.0.14, 4.2.10, 4.4.5, 4.5.5
Description: Adobe does not properly restrict the SWF file format,
             which allows remote attackers to conduct cross-site
             request forgery (CSRF) attacks against Bugzilla's JSONP
             endpoint, possibly obtaining sensitive bug information,
             via a crafted OBJECT element with SWF content satisfying
             the character-set requirements of a callback API.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
CVE Number:  CVE-2014-1546

Vulnerability Solutions
=======================

Moritz Muehlenhoff | 24 Jul 21:42 2014

[SECURITY] [DSA 2988-1] transmission security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2988-1                   security <at> debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
July 24, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : transmission
CVE ID         : CVE-2014-4909

Ben Hawkes discovered that incorrect handling of peer messages in the
Transmission bittorrent client could result in denial of service or the
execution of arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 2.52-3+nmu2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your transmission packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

Slackware Security Team | 24 Jul 03:36 2014

[slackware-security] mozilla-thunderbird (SSA:2014-204-03)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mozilla-thunderbird (SSA:2014-204-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mozilla-thunderbird-24.7.0-i486-1_slack14.1.txz

Vulnerability Lab | 24 Jul 15:33 2014

Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398

Document Title:
===============
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1102

Barracuda Networks Security ID (BNSEC): BNSEC-2398
https://www.barracuda.com/support/knowledgebase/501600000013m1P

Video: http://www.vulnerability-lab.com/get_content.php?id=1210

Vulnerability Magazine: http://vulnerability-db.com/magazine/articles/2014/07/23/barracuda-networks-patched-bnsec-2398-bulletin-firewall-appliance-application

View Video: http://www.youtube.com/watch?v=-cTO7ork6Hg

Solution #00006613
BNSEC-02398: Authenticated non- & persistent validation vulnerability in Barracuda Firewall v6.1.2

Release Date:
=============
2014-07-23

Vulnerability Laboratory ID (VL-ID):
====================================
1102

Common Vulnerability Scoring System:
====================================

