Monthly Archives: May 2015

Ubuntu

USN-2603-1: Thunderbird vulnerabilities

Ubuntu Security Notice USN-2603-1

18th May, 2015

thunderbird vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Thunderbird.

Software description

  • thunderbird
    – Mozilla Open Source mail and newsgroup client

Details

Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered
multiple memory safety issues in Thunderbird. If a user were tricked in to
opening a specially crafted message with scripting enabled, an attacker
could potentially exploit these to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Thunderbird. (CVE-2015-2708)

Atte Kettunen discovered a buffer overflow during the rendering of SVG
content with certain CSS properties in some circumstances. If a user were
tricked in to opening a specially crafted message with scripting enabled,
an attacker could potentially exploit this to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Thunderbird. (CVE-2015-2710)

Scott Bell discovered a use-afer-free during the processing of text when
vertical text is enabled. If a user were tricked in to opening a specially
crafted message, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2015-2713)

Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML
content. If a user were tricked in to opening a specially crafted message
with scripting enabled, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Thunderbird. (CVE-2015-2716)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
thunderbird

1:31.7.0+build1-0ubuntu0.15.04.1
Ubuntu 14.10:
thunderbird

1:31.7.0+build1-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
thunderbird

1:31.7.0+build1-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
thunderbird

1:31.7.0+build1-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References

CVE-2015-2708,

CVE-2015-2710,

CVE-2015-2713,

CVE-2015-2716

Debian

DSA-3264 icedove – security update

Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
buffer overflows and use-after-frees may lead to the execution of
arbitrary code, privilege escalation or denial of service.

Full Disclosure

[Samba 3.0.37] EnumPrinters memory corruption

Posted by Gabriele Avosani on May 18

Hello, i discovered a bug in EnumPrinters.
It seems that it allocates many mega of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398

It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.

I attach a file that can be used as a proof of concept.

Gabriele Avosani

(looking for remote work as programmer, if in need, email me at
g.avosani () gmail com (PHP, Perl,…

Full Disclosure

KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery

Posted by KoreLogic Disclosures on May 18

KL-001-2015-002 : Piriform CCleaner Wiped Filename Recovery

Title: Piriform CCleaner Wiped Filename Recovery
Advisory ID: KL-001-2015-002
Publication Date: 2015.05.18
Publication URL:
https://www.korelogic.com/Resources/Advisories/KL-001-2015-002.txt

1. Vulnerability Details

Affected Vendor: Piriform
Affected Product: CCleaner
Affected Version: 3.26.0.1988 – 5.02.5101
Platform: Microsoft Windows 7 x64 Service Pack 1…