Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
Monthly Archives: April 2015
CiviCRM private report – Moderately Critical – Cross Site Request Forgery (CSRF) – SA-CONTRIB-2015-094
- Advisory ID: DRUPAL-SA-CONTRIB-2015-094
- Project: CiviCRM private report (third-party module)
- Version: 6.x, 7.x
- Date: 2015-April-08
- Security risk: 13/25 (Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Theoretical/TD:All
- Vulnerability: Cross Site Request Forgery
Description
CiviCRM private report module enables users to create their own private copies of CiviCRM reports, which they can modify and save to meet their needs without requiring the “Administer reports” permission.
The module doesn’t sufficiently protect some links against CSRF. A malicious user can cause another user to delete reports by getting their browser to make a request to a specially-crafted URL.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- CiviCRM private report 6.x-1.x versions prior to 6.x-1.2.
- CiviCRM private report 7.x-1.x versions prior to 7.x-1.3.
Drupal core is not affected. If you do not use the contributed CiviCRM private report module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the CiviCRM private report module for Drupal 6.x, upgrade to CiviCRM private report 6.x-1.2
- If you use the CiviCRM private report module for Drupal 7.x, upgrade to CiviCRM private report 7.x-1.3
Also see the CiviCRM private report project page.
Reported by
- Pere Orga of the Drupal Security Team
Fixed by
- TwoMice, the module maintainer
Coordinated by
- Pere Orga of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Two NTP Key Authentication Vulnerabilities Patched
DHS warns of two symmetric key authentication vulnerabilities in the NTP protocol that were patched this week.
Hackers hide malware in fake game pages hosted on Steam
Gamers downloading from Steam should beware of fake game pages, after a spate of clone titles were found on the service hiding harmful malware.
The post Hackers hide malware in fake game pages hosted on Steam appeared first on We Live Security.
Ubuntu Security Notice USN-2559-1
Ubuntu Security Notice 2559-1 – Hanno Boeck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.
FreeBSD Security Advisory – ntp Issues
FreeBSD Security Advisory – The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. The vallen packet value is not validated in several code paths in ntp_crypto.c. When ntpd(8) is configured to use a symmetric key to authenticate a remote NTP server/peer, it checks if the NTP message authentication code (MAC) in received packets is valid, but not that there actually is any MAC included, and packets without a MAC are accepted as if they had a valid MAC. NTP state variables are updated prior to validating the received packets.
FreeBSD Security Advisory – IPv6 Denial Of Service
FreeBSD Security Advisory – The Neighbor Discovery Protocol allows a local router to advertise a suggested Current Hop Limit value of a link, which will replace Current Hop Limit on an interface connected to the link on the FreeBSD system. When the Current Hop Limit (similar to IPv4’s TTL) is small, IPv6 packets may get dropped before they reach their destinations. By sending specially crafted Router Advertisement packets, an attacker on the local network can cause the FreeBSD system to lose the ability to communicate with another IPv6 node on a different network.
FreeBSD Security Advisory – GELI Keyfile Permissions
FreeBSD Security Advisory – The default permission set by the bsdinstall installer when configuring full disk encrypted ZFS is too open. A local attacker may be able to get a copy of the geli provider’s keyfile, which is located at a fixed location.
FreeBSD Security Advisory – IGMP Integer Overflow
FreeBSD Security Advisory – An integer overflow in computing the size of the IGMPv3 data buffer can result in a buffer which is too small for the requested operation. An attacker who can send specially crafted IGMP packets could cause a denial of service situation by causing the kernel to crash. Revision 2 of this advisory.
FreeBSD 10.x ZFS encryption.key Disclosure
The FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk.