security | 2 Jul 2012 16:59

[ MDVSA-2012:096-1 ] python


 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2012:096-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : python
 Date    : July 2, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in python:

 The _ssl module would always disable the CBC IV attack countermeasure
 (CVE-2011-3389).

 A flaw was found in the way the Python SimpleHTTPServer module
 generated directory listings. An attacker able to upload a file
 with a specially-crafted name to a server could possibly perform a
 cross-site scripting (XSS) attack against victims visiting a listing
 page generated by SimpleHTTPServer, for a directory containing
 the crafted file (if the victims were using certain web browsers)
 (CVE-2011-4940).

 A race condition was found in the way the Python distutils module
 set file permissions during the creation of the .pypirc file. If a
 local user had access to the home directory of another user who is

security-alert | 2 Jul 2012 17:39

[security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS)


Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03333585

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03333585
Version: 1

HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX,
Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary
Code, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-07-02
Last Updated: 2012-07-02

Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Network Node
Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL.
The vulnerabilities could be remotely exploited resulting in execution of
arbitrary code and Denial of Service (DoS).

security-alert | 2 Jul 2012 17:39

[security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)


Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03343724

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03343724
Version: 1

HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX,
Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-07-02
Last Updated: 2012-07-02

Potential Security Impact: Remote cross site scripting (XSS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Network Node
Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities
could be remotely exploited resulting in cross site scripting (XSS).

References: CVE-2012-2018


Research@NGSSecure | 2 Jul 2012 18:42

NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection

High Risk Vulnerability in Nagios XI Network Monitor 

2 July 2012

Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor

Impact: Nagios XI Network Monitor OS Command Injection

Versions affected:
Nagios XI Network Monitor 2011R1.9

An updated version of the software has been released to address these vulnerabilities:
Resolved in SVN 1.3 of Graph Explorer - http://exchange.nagios.org/directory/Addons/Components/Graph-Explorer-Component/details

NCC Group is going to withhold details of these flaws for three months. This three month window will allow
users the time needed to apply the patch before the details are released to the general public. This
reflects the NCC Group approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com

Research@NGSSecure | 2 Jul 2012 18:44

NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection

High Risk Vulnerability in Nagios XI Network Monitor 

2 July 2012

Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor

Impact: Nagios XI Network Monitor Blind SQL Injection

Versions affected:
Nagios XI Network Monitor 2011R1.9

An updated version of the software has been released to address these vulnerabilities:
http://labs.nagios.com/2012/04/13/nagios-xi-ccm-full-beta/

NCC Group is going to withhold details of these flaws for three months. This three month window will allow
users the time needed to apply the patch before the details are released to the general public. This
reflects the NCC Group approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com

Research@NGSSecure | 2 Jul 2012 18:46

NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS

High Risk Vulnerability in Nagios XI Network Monitor 

2 July 2012

Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor

Impact: Nagios XI Network Monitor Stored and Reflected XSS

Versions affected:
Nagios XI Network Monitor 2011R1.9

An updated version of the software has been released to address these vulnerabilities:
http://tracker.nagios.org/view.php?id=284

Fixed in release XI 2011r3.0

http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT

NCC Group is going to withhold details of these flaws for three months. This three month window will allow
users the time needed to apply the patch before the details are released to the general public. This
reflects the NCC Group approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com

Research@NGSSecure | 2 Jul 2012 19:18

NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation

High Risk Vulnerability in Symantec Message Filter 

2 July 2012

Ben Williams of NCC Group has discovered a High risk vulnerability in Symantec Message Filter

Impact: Session Hijacking via session fixation

Versions affected:
Symantec Message Filter Version 6.3

An updated version of the software has been released to address these vulnerabilities:

http://www.symantec.com/business/support/index?page=content&id=TECH191487

NCC Group is going to withhold details of this flaw for three months. This three month window will allow
users the time needed to apply the patch before the details are released to the general public. This
reflects the NCC Group approach to responsible disclosure.

NCC Group Research
http://www.nccgroup.com

Adam Behnke | 2 Jul 2012 21:17

Malicious Code Execution in PCI Expansion ROM

The malicious code in x86/x64 firmware can potentially reside in many
places. One of them is in the PCI expansion ROM. In the past, the small
amount of memory during PCI expansion ROM execution acted as a hindrance to
malicious code. The limited space for code and data limited the possible
tasks that could be carried out by such malicious codes. However, this
article explains how a malicious PCI expansion ROM might exploit a
little-known BIOS memory management interface to break through the memory
"barrier," thus creating a potentially more complex threat. The discussion
in this article is limited to PCI expansion ROM conforming to PCI firmware
revision 3.1 specification.

This newly "discovered" larger memory footprint enables a malware creator to
place (at least) a simple file system infector inside the PCI expansion ROM
(a compressed one). During PCI expansion ROM execution, the compressed file
system infector could have the memory it requires through memory allocation
with the PMM functions, provided that the BIOS implemented PMM, which is most
likely the case in the last 3 to 5 years. Another issue is that a malware
creator might abuse the presence of the "permanent" memory allocated for PCI
expansion ROM through the pmmAllocate() function by using the permanent
memory flag during the call to pmmAllocate(). Additionally, a rogue but
simple network "interceptor" code might be possible given the jump in the
memory footprint, and if the interceptor hides in the "permanent" memory, it
could be troublesome.

View here: http://resources.infosecinstitute.com/pci-expansion-rom/ to read
the full article and walkthrough at InfoSec Institute. 

Yves-Alexis Perez | 2 Jul 2012 22:31

[SECURITY] [DSA 2506-1] libapache-mod-security security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-2506-1                   security <at> debian.org
http://www.debian.org/security/                         Yves-Alexis Perez
July 02, 2012                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libapache-mod-security
Vulnerability  : modsecurity bypass
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-2751
Debian Bug     : #678529

Qualys Vulnerability & Malware Research Labs discovered a vulnerability in
ModSecurity, a security module for the Apache webserver. In situations where
both 'Content-Disposition: attachment' and 'Content-Type: multipart' were
present in HTTP headers, the vulnerability could allow an attacker to bypass
policy and execute cross-site script (XSS) attacks through properly crafted
HTML documents.

For the stable distribution (squeeze), this problem has been fixed in
version 2.5.12-1+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.6.6-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.6-1.


security-alert | 3 Jul 2012 06:16

[security bulletin] HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)


Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03388901

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03388901
Version: 1

HPSBUX02795 SSRT100878 rev.1 - HP-UX Running BIND, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2012-07-02
Last Updated: 2012-06-29

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
BIND. This vulnerability could be exploited remotely to create a Denial of
Service (DoS).

References: CVE-2012-1667


