Certain Lenovo personal computers contain a vulnerability in LSE (a Lenovo BIOS feature). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Lenovo Security Advisories for notebooks and desktops and apply the necessary updates and mitigations.
This is a Linux/portable port of OpenBSD’s excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen’s SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
It was discovered that Request Tracker, an extensible trouble-ticket tracking system, is susceptible to a cross-site scripting attack via the user and group rights management pages (CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT’s user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.
The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault has a special mechanism to generate a default set of credentials if no password/salt is supplied during the creation of the secure storage. In this mode of operation the password/salt is derived from a combination of fixed values and the VaultID belonging to the secure storage.
The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault uses a special password derived from well-known values to encrypt some configuration values, such as the count of invalid attempts to unlock a secure store. This password is a composition of a value which is available in plaintext form inside the secure store container, and a fixed value. Also, the salt used is fixed. Both values are statically defined by the SAP DataVault implementation, and depend neither on the installation nor on the usage of the DataVault.