Fedora EPEL 5 Security Update: pwgen-2.07-1.el5

Resolved Bugs
1020220 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default
1020223 – CVE-2013-4440 pwgen: non-tty passwords are trivially weak by default [epel-all]
1020258 – CVE-2013-4442 pwgen: silent fallback to insecure entropy
1020261 – CVE-2013-4442 pwgen: silent fallback to insecure entropy [epel-all]

Update to 2.07:
* Remove backwards compatibility for no-tty mode. Addresses CVE-2013-4440
* Fail hard if /dev/urandom and /dev/random are not available. Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
* Fix pwgen -B so that it doesn’t accidentally generate passwords with ambiguous characters after changing the case of some letters. Addresses Launchpad Bugs #638418 and #1349863
* Fix potential portability bug on architectures where unsigned ints are not 4 bytes long

Fedora EPEL 6 Security Update: python-tornado-2.2.1-7.el6

Resolved Bugs
963260 – CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
966272 – CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [epel-6]

– Add patch to fix CVE-2013-2098 CVE-2013-2099 (bug #96627)
– Drop requires python-simplejson, not needed for modern python

CVE-2014-4629

EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.

CVE-2014-5429

DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets.

CVE-2014-6140

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers’ installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookie to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.

CVE-2014-7251

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.

CVE-2014-9278

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google)

Posted by Security Explorations on Dec 06

Hello All,

We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.

There are more issues pending verification – we estimate them to be in
the range of 30+ in total.

Quick summary of our developments so far:
– we bypassed GAE whitelisting of JRE classes / achieved complete Java VM
security sandbox escape (17 full sandbox bypass PoC codes exploiting 22
issues in total),
– we…