Monthly Archives: April 2015

Redhat

RHSA-2015:0800-1: Moderate: openssl security update

Red Hat Enterprise Linux: Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-8275, CVE-2015-0204, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293

Full Disclosure

Safari iOS/OS X/Windows cookie access vulnerability

Posted by Jouko Pynnonen on Apr 13

*Overview*
The 4/8/2015 security updates from Apple included a patch for a Safari
cross-domain vulnerability. An attacker could create web content which,
when viewed by a target user, bypasses some of the normal cross-domain
restrictions to access or modify HTTP cookies belonging to any website.

Most websites which allow user logins store their authentication
information (usually session keys) in cookies. Access to these cookies
would allow…

Security

TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information

Original release date: April 13, 2015

Systems Affected

Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests.

Overview

A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Description

AXFR is a protocol for “zone transfers” for replication of DNS data across multiple DNS servers. Unlike normal DNS queries that require the user to know some DNS information ahead of time, AXFR queries reveal subdomain names [1]. Because a zone transfer is a single query, it could be used by an adversary to efficiently obtain DNS data.  

A well-known problem with DNS is that zone transfer requests can disclose domain information; for example, see CVE-1999-0532 and a 2002 CERT/CC white paper [2][3]. However, the issue has regained attention due to recent Internet scans still showing a large number of misconfigured DNS servers. Open-source, tested scripts are now available to scan for the possible exposure, increasing the likelihood of exploitation [4].

Impact

A remote unauthenticated user may observe internal network structure, learning information useful for other directed attacks.

Solution

Configure your DNS server to respond only to zone transfer (AXFR) requests from known IP addresses. Many open-source resources give instructions on reconfiguring your DNS server. For example, see this AXFR article for information on testing and fixing the configuration of a BIND DNS server. US-CERT does not endorse or support any particular product or vendor.

References

Revision History

  • April 13, 2015: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

Ubuntu

USN-2567-1: NTP vulnerabilities

Ubuntu Security Notice USN-2567-1

13th April, 2015

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in NTP.

Software description

  • ntp
    – Network Time Protocol daemon and utility programs

Details

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A
remote attacker could possibly use this issue to bypass authentication and
spoof packets. (CVE-2015-1798)

Miroslav Lichvar discovered that NTP incorrectly handled certain invalid
packets. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2015-1799)

Juergen Perlinger discovered that NTP incorrectly generated MD5 keys on
big-endian platforms. This issue could either cause ntp-keygen to hang, or
could result in non-random keys. (CVE number pending)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
ntp

1:4.2.6.p5+dfsg-3ubuntu2.14.10.3
Ubuntu 14.04 LTS:
ntp

1:4.2.6.p5+dfsg-3ubuntu2.14.04.3
Ubuntu 12.04 LTS:
ntp

1:4.2.6.p3+dfsg-1ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1798,

CVE-2015-1799

Ubuntu

USN-2568-1: libx11, libxrender vulnerability

Ubuntu Security Notice USN-2568-1

13th April, 2015

libx11, libxrender vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

libx11 could be made to crash or run programs if it processed specially
crafted data.

Software description

  • libx11
    – X11 client-side library

  • libxrender
    – X11 Rendering Extension client library

Details

Abhishek Arya discovered that libX11 incorrectly handled memory in the
MakeBigReq macro. A remote attacker could use this issue to cause
applications to crash, resulting in a denial of service, or possibly
execute arbitrary code.

In addition, following the macro fix in libx11, a number of other packages
have also been rebuilt as security updates including libxrender, libxext,
libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and
xserver-xorg-video-vmware.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
libxrender1

1:0.9.8-1build0.14.10.1
Ubuntu 14.04 LTS:
libxrender1

1:0.9.8-1build0.14.04.1
Ubuntu 12.04 LTS:
libx11-dev

2:1.4.99.1-0ubuntu2.3
libxrender1

1:0.9.6-2ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-7439