Red Hat Security Advisory 2015-1287-01 – FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash. The freeradius packages have been upgraded to upstream version 2.2.6, which provides a number of bug fixes and enhancements over the previous version.
Ubuntu Security Notice USN-2675-1
Ubuntu Security Notice 2675-1 – Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. Roman Fiedler discovered that LXC incorrectly trusted the container’s proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A local attacker could exploit this flaw to run programs inside the container that are not confined by AppArmor or SELinux. Various other issues were also addressed.
Gentoo Linux Security Advisory 201507-21
Gentoo Linux Security Advisory 201507-21 – Multiple vulnerabilities have been found in libXfont, the worst of which could result in execution of arbitrary code or Denial of Service. Versions less than 1.5.1 are affected.
Ubuntu Security Notice USN-2676-1
Ubuntu Security Notice 2676-1 – It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. Tuomas discovered that NBD incorrectly handled wrong export names and closed connections during negotiation. A remote attacker could use this issue to cause NBD to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
Red Hat Security Advisory 2015-1254-02
Red Hat Security Advisory 2015-1254-02 – The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user’s cookie to a crafted domain, making other cookie-related issues easier to exploit. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle’s duplicate could cause the application to crash or disclose a portion of its memory.
Red Hat Security Advisory 2015-1471-01
Red Hat Security Advisory 2015-1471-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.
Tech giants take action on ad click fraud
Some of the biggest digital companies have banded together to take action on the rising tide of ad click fraud.
The post Tech giants take action on ad click fraud appeared first on We Live Security.
Hackers demo Jeep security hack
Hackers have demonstrated an exploit that can take remote control of a Jeep, to the extent of cutting the transmission and controlling the throttle.
The post Hackers demo Jeep security hack appeared first on We Live Security.
Time Tracker – Moderately Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2015-135
- Advisory ID: DRUPAL-SA-CONTRIB-2015-135
- Project: Time Tracker (third-party module)
- Version: 7.x
- Date: 2015-July-22
- Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
- Vulnerability: Cross Site Scripting, Multiple vulnerabilities
Description
This module enables you to track time on entities and comments.
The module doesn’t sufficiently filter notes added to time entries, leading to an XSS/JavaScript injection vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Add Time Tracker Entries”.
The module doesn’t sufficiently filter activities used to categorize time tracker entries. This vulnerability is mitigated by the fact that an attacker must have a role with the “Administer Time Tracker” permission. This role has also been properly marked as “restrict access”.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Time Tracker 7.x-1.x versions prior to 7.x-1.4.
Drupal core is not affected. If you do not use the contributed Time Tracker module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Time Tracker module for Drupal 7.x, update to Time Tracker 7.x-1.4.
Also see the Time Tracker project page.
Reported by
Fixed by
Coordinated by
- Frédéric G. Marand, provisional member of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
OSF for Drupal – Critical – Multiple vulnerabilities – SA-CONTRIB-2015-134
- Advisory ID: DRUPAL-SA-CONTRIB-2015-134
- Project: OSF for Drupal (third-party module)
- Version: 7.x
- Date: 2015-July-22
- Security risk: 15/25 (Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
- Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery
Description
The Open Semantic Framework (OSF) for Drupal is a middleware layer that allows structured data (RDF) and associated vocabularies (ontologies) to “drive” tailored tools and data displays within Drupal.
The module is vulnerable to reflected Cross Site Scripting (XSS) because it did not sufficiently filter user input values in some administration pages. An attacker could exploit this vulnerability by making other users visit a specially-crafted URL. Only sites with the OSF Ontology module enabled are affected.
Additionally, the module is vulnerable to arbitrary file deletion. A malicious user can cause an administrator to delete files by getting their browser to make a request to a specially-crafted URL. Only sites with the OSF Ontology and OSF Import modules enabled are affected.
Also, some forms were vulnerable to Cross Site Request Forgery (CSRF). An attacker could create new OSF datasets by getting an administrator’s browser to make a request to a specially-crafted URL. Only sites with the OSF Import module enabled are affected.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- OSF 7.x-3.x versions prior to 7.x-3.1.
Drupal core is not affected. If you do not use the contributed OSF for Drupal module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the OSF for Drupal module for Drupal 7.x, upgrade to OSF 7.x-3.1.
Also see the OSF for Drupal project page.
Reported by
- Pere Orga of the Drupal Security Team
Fixed by
- Frederick Giasson, the module maintainer
Coordinated by
- Pere Orga of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity