Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Monthly Archives: March 2015
CVE-2015-0984
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
CVE-2015-0985
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user’s password via a GET request.
DSA-3210 wireshark – security update
Multiple vulnerabilities were discovered in the dissectors/parsers for
WCP, pcapng and TNEF, which could result in denial of service.
Re: CVE-2011-2461 is back!
Posted by Mauro Gentile on Mar 30
As a follow up to our previous email, we have just released more details
regarding our research on CVE-2011-2461. Specifically, we discussed a
real world exploitation scenario and we provided a detailed FAQ page
with test cases:
Exploiting CVE-2011-2461 on google.com
http://blog.mindedsecurity.com/2015/03/exploiting-cve-2011-2461-on-googlecom.html
FAQ (+ test cases)
http://blog.nibblesec.org/2015/03/cve-2011-2461-is-back-faq.html
Cheers,
Mauro…
New BlackArch Linux ISOs & installer
Posted by Black Arch on Mar 30
Hi,
Today we released new BlackArch Linux ISOs. The new ISOs include over 1200 tools for i686 and x86_64 and over 1000 tools for armv6h and armv7h.
If you’re not already familiar with BlackArch Linux, please read the DESCRIPTION section below.
Here’s a short ChangeLog:
– lots of bugfixes
– change splash for boot loader (syslinux / grub)
– updated pacman.conf settings
– updated /etc/motd
– updated /etc/issue…
MDVSA-2015:183: wireshark
Updated wireshark package fixes security vulnerabilities:
The WCP dissector could crash (CVE-2015-2188).
The pcapng file parser could crash (CVE-2015-2189).
The TNEF dissector could go into an infinite loop (CVE-2015-2191).
MDVSA-2015:182: tcpdump
Updated tcpdump package fixes security vulnerabilities:
Several vulnerabilities have been discovered in tcpdump. These
vulnerabilities might result in denial of service (application
crash) or, potentially, execution of arbitrary code (CVE-2015-0261,
CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).
MDVSA-2015:145-1: libxfont
Updated libxfont packages fix security vulnerabilities:
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to
gain privileges (CVE-2014-0209).
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-0210, CVE-2014-0211).
The bdf parser reads a count for the number of properties defined
in a font from the font file, and allocates arrays with entries for
each property based on that count. It never checked to see if that
count was negative, or large enough to overflow when multiplied by
the size of the structures being allocated, and could thus allocate
the wrong buffer size, leading to out of bounds writes (CVE-2015-1802).
If the bdf parser failed to parse the data for the bitmap for any
character, it would proceed with an invalid pointer to the bitmap
data and later crash when trying to read the bitmap from that pointer
(CVE-2015-1803).
The bdf parser read metrics values as 32-bit integers, but stored them
into 16-bit integers. Overflows could occur in various operations
leading to out-of-bounds memory access (CVE-2015-1804).
Update:
Packages for Mandriva Business Server 1 are now being provided.
MDVSA-2015:147-1: libtiff
Updated libtiff packages fix security vulnerabilities:
The libtiff image decoder library contains several issues that
could cause the decoder to crash when reading crafted TIFF images
(CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9655, CVE-2015-1547).
Update:
Packages for Mandriva Business Server 1 are now being provided.