Timo Juhani Lindfors | 3 May 12:31 2016

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection


CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
--------------------------------------------------------------------

Affected products
=================

At least Zabbix Agent 1:3.0.1-1+wheezy from
http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions
were not tested.

Background
==========

"Zabbix agent is deployed on a monitoring target to actively monitor
 local resources and applications (hard drives, memory, processor
 statistics etc).

 The agent gathers operational information locally and reports data to
 Zabbix server for further processing. In case of failures (such as a
 hard disk running full or a crashed service process), Zabbix server
 can actively alert the administrators of the particular machine that
 reported the failure.

 Zabbix agents are extremely efficient because of use of native system
 calls for gathering statistical information."

 -- https://www.zabbix.com/documentation/3.0/manual/concepts/agent

Description
(Continue reading)

Slackware Security Team | 2 May 22:39 2016

[slackware-security] mercurial (SSA:2016-123-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mercurial (SSA:2016-123-01)

New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mercurial-3.8.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes possible arbitrary code execution when converting Git
  repos.  Mercurial prior to 3.8 allowed arbitrary code execution when using
  the convert extension on Git repos with hostile names.  This could affect
  automated code conversion services that allow arbitrary repository names.
  This is a further side-effect of Git CVE-2015-7545.
  Reported and fixed by Blake Burkhart.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

(Continue reading)

Security Alert | 2 May 18:10 2016

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities



ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities

EMC Identifier: ESA-2016-041

CVE Identifier: CVE-2016-0892, CVE-2016-0893, CVE-2016-0894, CVE-2016-0895

Severity Rating: CVSSv3 Base Score: Please view details below for individual CVE scores

Affected Products:

· RSA Data Loss Prevention 9.6 SP2 P4
· RSA Data Loss Prevention 9.6 SP2 P3
· RSA Data Loss Prevention 9.6 SP2 P2
· RSA Data Loss Prevention 9.6 SP2 P1
· RSA Data Loss Prevention 9.6 SP2
· RSA Data Loss Prevention 9.6 SP1
· RSA Data Loss Prevention 9.6

Summary:
RSA Data Loss Prevention 9.6 SP2 P5 contains fixes for multiple security vulnerabilities that could
potentially be exploited by malicious users to compromise the affected system.

Details:
Multiple components within the RSA Data Loss Prevention have been updated to address various vulnerabilities:

· Reflected Cross-Site Scripting (XSS) Vulnerability - CVE-2016-0892
(Continue reading)

Sebastien Delafond | 2 May 15:02 2016

[SECURITY] [DSA 3565-1] botan1.10 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3565-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 02, 2016                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : botan1.10
CVE ID         : CVE-2015-5726 CVE-2015-5727 CVE-2015-7827 CVE-2016-2194 
                 CVE-2016-2195 CVE-2016-2849
Debian Bug     : 817932 822698

Several security vulnerabilities were found in botan1.10, a C++
library which provides support for many common cryptographic
operations, including encryption, authentication, X.509v3 certificates
and CRLs.

CVE-2015-5726
    The BER decoder would crash due to reading from offset 0 of an
    empty vector if it encountered a BIT STRING which did not contain
    any data at all. This can be used to easily crash applications
    reading untrusted ASN.1 data, but does not seem exploitable for
    code execution.

CVE-2015-5727
    The BER decoder would allocate a fairly arbitrary amount of memory
    in a length field, even if there was no chance the read request
    would succeed. This might cause the process to run out of memory or
    invoke the OOM killer.

(Continue reading)

Michael Gilbert | 2 May 14:27 2016

[SECURITY] [DSA 3564-1] chromium-browser security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3564-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
May 02, 2016                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663
                 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1660

    Atte Kettunen discovered an out-of-bounds write issue.

CVE-2016-1661

    Wadih Matar discovered a memory corruption issue.

CVE-2016-1662

    Rob Wu discovered a use-after-free issue related to extensions.

CVE-2016-1663

    A use-after-free issue was discovered in Blink's bindings to V8.

CVE-2016-1664
(Continue reading)

Moritz Muehlenhoff | 1 May 22:37 2016

[SECURITY] [DSA 3563-1] poppler security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3563-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 01, 2016                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : poppler
CVE ID         : CVE-2015-8868

It was discovered that a heap overflow in the Poppler PDF library may
result in denial of service and potentially the execution of arbitrary
code if a malformed PDF file is opened.

For the stable distribution (jessie), this problem has been fixed in
version 0.26.5-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 0.38.0-3.

For the unstable distribution (sid), this problem has been fixed in
version 0.38.0-3.

We recommend that you upgrade your poppler packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
(Continue reading)

Salvatore Bonaccorso | 1 May 14:04 2016

[SECURITY] [DSA 3562-1] tardiff security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3562-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 01, 2016                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tardiff
CVE ID         : CVE-2015-0857 CVE-2015-0858

Several vulnerabilities were discovered in tardiff, a tarball comparison
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2015-0857

    Rainer Mueller and Florian Weimer discovered that tardiff is prone
    to shell command injections via shell meta-characters in filenames
    in tar files or via shell meta-characters in the tar filename
    itself.

CVE-2015-0858

    Florian Weimer discovered that tardiff uses predictable temporary
    directories for unpacking tarballs. A malicious user can use this
    flaw to overwrite files with permissions of the user running the
    tardiff command line tool.

For the stable distribution (jessie), these problems have been fixed in
version 0.1-2+deb8u2.
(Continue reading)

Rahul Pratap Singh | 1 May 13:32 2016

Exploit-DB Captcha Bypass

## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

----------------------------------------
Description:
----------------------------------------
Exploit-DB implemented a weak captcha which could be cracked easily.

----------------------------------------
POC:
----------------------------------------
https://www.youtube.com/watch?v=Zb-RfYNqLKQ

Vulnerability Disclosure Timeline:
→ March 19, 2016  – Bug discovered, initial report to Offensive Security Team
→ March 23, 2016  – No response. Bug patched, Google reCAPTCHA implemented
→ March 23, 2016  – Email sent again for update
→ March 23, 2016  – Vendor response: captcha bypass not a security issue

Thanks to Debasish Mandal for the original script.

Pub Ref:
https://0x62626262.wordpress.com/2016/05/01/exploit-db-captcha-cracked

(Continue reading)

Slackware Security Team | 30 Apr 22:34 2016

[slackware-security] subversion (SSA:2016-121-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  subversion (SSA:2016-121-01)

New subversion packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/subversion-1.7.22-i486-2_slack14.1.txz:  Rebuilt.
  This update patches two security issues:
  CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm.
  CVE-2016-2168: Remotely triggerable DoS vulnerability in mod_authz_svn
    during COPY/MOVE authorization check.
  For more information, see:
    http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
    http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)
(Continue reading)

Slackware Security Team | 29 Apr 23:57 2016

[slackware-security] php (SSA:2016-120-02)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2016-120-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.21-i486-1_slack14.1.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.21
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
(Continue reading)

Slackware Security Team | 29 Apr 23:57 2016

[slackware-security] ntp (SSA:2016-120-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  ntp (SSA:2016-120-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz:  Upgraded.
  This release patches several low and medium severity security issues:
  CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
  CVE-2016-1549: Sybil vulnerability: ephemeral association attack,
    AKA: ntp-sybil - MITIGATION ONLY
  CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion
    botch
  CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
    properly validated
  CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with
    MATCH_ASSOC
  CVE-2016-2519: ctl_getitem() return value not always checked
  CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
  CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
  CVE-2015-7704: KoD fix: peer associations were broken by the fix for
    NtpBug2901, AKA: Symmetric active/passive mode is broken
  CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
  CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,
    authdecrypt-timing, AKA: authdecrypt-timing
(Continue reading)