Monthly Archives: February 2015

Mandriva

MDVSA-2015:048: postgresql

Multiple vulnerabilities has been discovered and corrected in
postgresql:

Stephen Frost discovered that PostgreSQL incorrectly displayed
certain values in error messages. An authenticated user could gain
access to seeing certain values, contrary to expected permissions
(CVE-2014-8161).

Andres Freund, Peter Geoghegan and Noah Misch discovered that
PostgreSQL incorrectly handled buffers in to_char functions. An
authenticated attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-0241).

It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-0243).

Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly
use this issue to cause PostgreSQL to crash, resulting in a denial
of service, or possibly inject query messages (CVE-2015-0244).

This advisory provides the latest version of PostgreSQL that is not
vulnerable to these issues.

Mandriva

MDVSA-2015:047: elfutils

Updated elfutils packages fix security vulnerability:

Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils allows remote attackers to write to
arbitrary files to the root directory via a / (slash) in a crafted
archive, as demonstrated using the ar program (CVE-2014-9447).

Ubuntu

USN-2488-2: ClamAV vulnerability

Ubuntu Security Notice USN-2488-2

12th February, 2015

clamav vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 10.04 LTS

Summary

ClamAV could be made to crash or run programs if it processed a
specially crafted file.

Software description

  • clamav
    – Anti-virus utility for Unix

Details

USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu
14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding
update for Ubuntu 10.04 LTS.

Original advisory details:

Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled
certain upack packer files. An attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:
clamav

0.98.6+dfsg-0ubuntu0.10.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

CVE-2013-6497,

CVE-2014-9328

Full Disclosure

Vanilla forum Stored XSS on any private message / thread post

Posted by W S on Feb 13

The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste
into the HTML tag <img> onerror event, that leads to stored XSS.

I notified the developers of existing vulnerabilities and they closed it in version 2.1.1

proof:
http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release

vulnerable versions:
2.0 to 2.1.1
maybe 1.* versions

my XSS exploit:…

Full Disclosure

NetGear WNDR Authentication Bypass / Information Disclosure

Posted by Peter Adkins on Feb 13

Reported by:
—-
Peter Adkins <peter.adkins () kernelpicnic.net>

Access:
—-
Local network; unauthenticated access.
Remote network; unauthenticated access*.

Tracking and identifiers:
—-
CVE – Mitre contacted; not yet allocated.

Platforms / Firmware confirmed affected:
—-
NetGear WNDR3700v4 – V1.0.0.4SH
NetGear WNDR3700v4 – V1.0.1.52
NetGear WNR2200 – V1.0.1.88
NetGear WNR2500 – V1.0.0.24

Additional platforms believed to be…