The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Monthly Archives: February 2015
CVE-2014-6303 (sequence_kinetics)
The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 do not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2014-6304 (sequence_kinetics)
The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 allows remote attackers to obtain sensitive source-code information via unspecified vectors.
CVE-2014-9421 (kerberos)
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
CVE-2014-9422 (kerberos)
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial “kadmind” substring, as demonstrated by a “ka/x” principal.
CVE-2014-9423 (kerberos)
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
USN-2503-1: Bind vulnerability
Ubuntu Security Notice USN-2503-1
18th February, 2015
bind9 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Bind could be made to crash if it received specially crafted network traffic.
Software description
- bind9 – Internet Domain Name Server
Details
Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 14.10: bind9 1:9.9.5.dfsg-4.3ubuntu0.2
- Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.2
- Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.10
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Authentication Bypass in TYPO3 CMS 4.5
Component Type: TYPO3 CMS
Vulnerability Types: Authentication Bypass
Overall Severity: Critical
Release Date: February 19, 2015
Vulnerable subcomponent: rsaauth system extension
Vulnerability Type: Authentication Bypass
Affected Versions: Versions 4.3.0 to 4.3.14, 4.4.0 to 4.4.15, 4.5.0 to 4.5.39 and 4.6.0 to 4.6.18
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
CVE: not assigned yet
Problem Description: It has been discovered that TYPO3 CMS is vulnerable to Authentication Bypass. Frontend users can be authenticated by only knowing their username.
TYPO3 installations are affected if all of the following apply:
- TYPO3 Version 4.3.0 to 4.3.14, 4.4.0 to 4.4.15, 4.5.0 to 4.5.39 or 4.6.0 to 4.6.18
- users/access restricted frontend area (frontend login)
- system extension rsaauth is loaded
- system extension rsaauth is configured for frontend usage as follows:
$GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] = 'rsa'
TYPO3 installations are not affected if at least one of the following applies:
- TYPO3 Version 4.7.0 or higher
- no users/access restricted frontend area (TYPO3 Backend authentication is not affected)
- system extension rsaauth is not loaded (default)
- system extension rsaauth is not configured for frontend usage as follows (default):
$GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] = 'rsa'
Solution: Update to TYPO3 version 4.5.40 that fixes the problem described. Alternatively use the provided shell script to patch all affected TYPO3 versions (all between 4.3 and 4.6) that are found in a specified directory or use the diff file to patch the installations manually.
Important Note: Updating or patching your installations to fix this CRITICAL vulnerability is STRONGLY ADVISED!
Credits: Thanks to Pierrick Caillon who discovered and reported the vulnerability and to Security Team Member Nicole Cordes for developing a fix and providing the shell script.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security-related code changes are tagged so that you can easily look them up on our review system.
CVE-2015-1349
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
CVE-2014-5286
The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors.