Bret Jordan | 1 Feb 17:15

802.1X password exploit on many HTC Android devices

February 1, 2012

--------------------------------------------------------------------------------
Subject
--------------------------------------------------------------------------------
802.1X password exploit on many HTC Android devices

--------------------------------------------------------------------------------
Abstract
--------------------------------------------------------------------------------
There is an issue in certain HTC builds of Android that can expose the
user's 802.1X Wi-Fi credentials to any program with basic Wi-Fi
permissions.  When this is paired with the Internet access
permissions, which most applications have, an application could easily
send all stored Wi-Fi network credentials (user names, passwords, and
SSID information) to a remote server.  This exploit exposes
enterprise-privileged credentials in a manner that allows targeted
exploitation.

--------------------------------------------------------------------------------
Affected Vendors:
--------------------------------------------------------------------------------
HTC

--------------------------------------------------------------------------------
Affected Versions:
--------------------------------------------------------------------------------
We have verified the following devices as having this issue (there may
be others including some non-HTC phones):
Desire HD  (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40

advisory | 1 Feb 13:27

Multiple vulnerabilities in OpenEMR

Advisory ID: HTB23069
Product: OpenEMR
Vendor: OEMR
Vulnerable Version: 4.1.0 and probably prior
Tested Version: 4.1.0
Vendor Notification: 11 January 2012 
Vendor Patch: 29 January 2012 
Public Disclosure: 01 February 2012 
Vulnerability Type: Local File Inclusion, Arbitrary Command Execution
Solution Status: Fixed by Vendor
Risk Level: High 
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ ) 

----------------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OpenEMR, which can
be exploited to perform local file inclusion and arbitrary command execution attacks.

1) Multiple Local File Inclusion vulnerabilities in OpenEMR

1.1 Input passed via the "formname" GET parameter to /contrib/acog/print_form.php is not properly
verified before being used to include local files. 
This can be exploited to include local files via directory traversal sequences and URL-encoded NULL bytes.

The following PoC (Proof of Concept) demonstrates the vulnerability:

http://[host]/contrib/acog/print_form.php?formname=../../../etc/passwd%00


Security_Alert | 1 Feb 16:56

ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability



ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability. 

EMC Identifier: ESA-2012-009 
EMC Identifier: CS-16072 
EMC Identifier: CS-16073 

CVE Identifier: CVE-2011-4144 

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected products:
EMC Documentum Content Server 6.0 
EMC Documentum Content Server 6.5 
EMC Documentum Content Server 6.6 

Vulnerability Summary: 
EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an
unauthorized user to obtain highest administrative privileges on the system.
 
Vulnerability Details: 
EMC Documentum Content Server contains a security vulnerability that may allow a system administrator to
elevate their or other users’ privileges to highest super user privileges without appropriate
authorization. Refer to EMC Documentum Content Server documentation for information on Documentum
Content Server user and group privileges.
 
Resolution:

security | 2 Feb 16:48

[ MDVSA-2012:012 ] apache


 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:012
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : apache
 Date    : February 2, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in apache
 (ASF HTTPD):

 The log_cookie function in mod_log_config.c in the mod_log_config
 module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded
 MPM is used, does not properly handle a \%{}C format string, which
 allows remote attackers to cause a denial of service (daemon crash)
 via a cookie that lacks both a name and a value (CVE-2012-0021).

 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might
 allow local users to cause a denial of service (daemon crash during
 shutdown) or possibly have unspecified other impact by modifying
 a certain type field within a scoreboard shared memory segment,
 leading to an invalid call to the free function (CVE-2012-0031).

 protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not


APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001


APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

OS X Lion v10.7.3 and Security Update 2012-001 is now available and
addresses the following:

Address Book
Available for:  OS X Lion v10.7 to v10.7.2,
OS X Lion Server v10.7 to v10.7.2
Impact:  An attacker in a privileged network position may intercept
CardDAV data
Description:  Address Book supports Secure Sockets Layer (SSL) for
accessing CardDAV. A downgrade issue caused Address Book to attempt
an unencrypted connection if an encrypted connection failed. An
attacker in a privileged network position could abuse this behavior
to intercept CardDAV data. This issue is addressed by not downgrading
to an unencrypted connection without user approval.
CVE-ID
CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation

Apache
Available for:  Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
Impact:  Multiple vulnerabilities in Apache
Description:  Apache is updated to version 2.2.21 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/
CVE-ID
CVE-2011-3348

asemailing | 1 Feb 20:55

Call For Paper

CALL FOR PAPER

2012 ASE/IEEE International Conference on Privacy, Security, Risk, and Trust
Amsterdam, The Netherlands, September 3-6, 2012
WebSite: http://www.asesite.org/conferences/PASSAT/2012/
Workshop Proposal Submission Deadline: March 1, 2012
Paper Submission Deadline:  May 11, 2012

================================================================
2012 ASE/IEEE International Conference on Cyber Security
Washington D.C., USA, October 5-7, 2012
Website: http://www.asesite.org/conferences/cybersecurity/2012/
Workshop Proposal Submission Deadline: April 30, 2012
Paper Submission Deadline: June 15, 2012

NOTICE: This e-mail correspondence is subject to Public Records Law and may be disclosed to third parties.

security-alert | 2 Feb 04:15

[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03179046
Version: 1

HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-01
Last Updated: 2012-02-01

 ------------------------------------------------------------------------------

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Media Operations. This
vulnerability could be remotely exploited to allow execution of arbitrary code.

References: CVE-2011-4791 (ZDI-CAN-956, ZDI-11-112)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Media Operations version 6.11 and earlier, running on Windows platform (2003, XP, 2008)

BACKGROUND


security-alert | 2 Feb 20:02

[security bulletin] HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code


SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03179825
Version: 1

HPSBGN02740 SSRT100741 rev.1 - HP Operations Manager, Operations Agent, Performance Agent, Service
Health Reporter, Service Health Optimizer, Performance Manager, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2012-02-02
Last Updated: 2012-02-02

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Operations Manager, Operations Agent,
Performance Agent, Service Health Reporter, Service Health Optimizer, and Performance Manager. The
vulnerability can be remotely exploited to execute arbitrary code.

References: CVE-2010-3864

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Operations Manager v8.16, v9.00
Operations Agent v8.6x.xxx , v11.x
Performance Agent v5.0
Service Health Reporter v9.1

Moritz Muehlenhoff | 2 Feb 20:29

[SECURITY] [DSA 2401-1] tomcat6 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2401-1                   security <at> debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 02, 2012                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tomcat6
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 
                 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 
                 CVE-2011-5064 CVE-2012-0022 

Several vulnerabilities have been found in Tomcat, a servlet and JSP 
engine:

CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064

   The HTTP Digest Access Authentication implementation performed
   insufficient countermeasures against replay attacks.

CVE-2011-2204

   In rare setups passwords were written into a logfile.

CVE-2011-2526

   Missing input sanitising in the HTTP APR or HTTP NIO connectors

Moritz Muehlenhoff | 2 Feb 20:52

[SECURITY] [DSA 2400-1] iceweasel security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2400-1                   security <at> debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
February 02, 2012                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : iceweasel
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 

Several vulnerabilities have been discovered in Iceweasel, a web browser
based on Firefox. The included XULRunner library provides rendering 
services for several other applications included in Debian.

CVE-2011-3670

   Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, 
   resulting in potential information disclosure.

CVE-2012-0442

   Jesse Ruderman and Bob Clary discovered memory corruption bugs, which
   may lead to the execution of arbitrary code.

CVE-2012-0444

   "regenrecht" discovered that missing input sanitising in the Ogg Vorbis

