CentOS Errata and Security Advisory 2015:1982 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1982.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
2495d69f03e0777c2ebaf2a80c9d238e21f8b01b8ba9f09bd84f43997647f940 firefox-38.4.0-1.el5.centos.i386.rpm
x86_64:
2495d69f03e0777c2ebaf2a80c9d238e21f8b01b8ba9f09bd84f43997647f940 firefox-38.4.0-1.el5.centos.i386.rpm
e9ab5b89ef786fefeeab94db5cce809e8f78fb405dfe8f5237a583af720ae4f6 firefox-38.4.0-1.el5.centos.x86_64.rpm
Source:
9f8906bf86661ddaef6abe3816065c136b1778cf86909cc6dfbfd5609f08e93a firefox-38.4.0-1.el5.centos.src.rpm
Monthly Archives: November 2015
Risk report update: April to October 2015
In April 2015 we took a look at a year's worth of branded vulnerabilities, separating out those that mattered from those that didn't. Six months have passed, so let's take this opportunity to update the report with the new vulnerabilities that mattered across all Red Hat products.
ABRT (April 2015) CVE-2015-3315:
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report. ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use these flaws to potentially escalate their privileges on an affected system to root.
This issue affected Red Hat Enterprise Linux 7 and updates were made available. A working public exploit is available for this issue. Other products and versions of Enterprise Linux were either not affected or not vulnerable to privilege escalation.
JBoss Operations Network open APIs (April 2015) CVE-2015-0297:
Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The JBoss Operations Network server did not correctly restrict access to certain remote APIs which could allow a remote, unauthenticated attacker to execute arbitrary Java methods. We’re not aware of active exploitation of this issue. Updates were made available.
“Venom” (May 2015) CVE-2015-3456:
Venom was a branded flaw which affected QEMU. A privileged user of a guest virtual machine could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host’s QEMU process corresponding to the guest.
A number of Red Hat products were affected and updates were released. Red Hat products by default would block arbitrary code execution as SELinux sVirt protection confines each QEMU process.
“LogJam” (May 2015) CVE-2015-4000:
TLS connections using the Diffie-Hellman key exchange protocol were found to be vulnerable to an attack in which a man-in-the-middle attacker could downgrade vulnerable TLS connections to weak cryptography which could then be broken to decrypt the connection.
Like Poodle and Freak, this issue is hard to exploit as it requires a man-in-the-middle attack. We're not aware of active exploitation of this issue. Various packages providing cryptography were updated.
BIND DoS (July 2015) CVE-2015-5477:
A flaw in the Berkeley Internet Name Domain (BIND) allowed a remote attacker to cause named (functioning as an authoritative DNS server or a DNS resolver) to exit, causing a denial of service against BIND.
This issue affected the versions of BIND shipped with all versions of Red Hat Enterprise Linux. A public exploit exists for this issue. Updates were available the same day as the issue was public.
libuser privilege escalation (July 2015) CVE-2015-3246:
The libuser library implements an interface for manipulating and administering user and group accounts. Flaws in libuser could allow authenticated local users with shell access to escalate privileges to root.
Red Hat Enterprise Linux 6 and 7 were affected and updates were available the same day as the issue was public. Red Hat Enterprise Linux 5 was affected and a mitigation was published. A public exploit exists for this issue.
Firefox lock file stealing via PDF reader (August 2015) CVE-2015-4495:
A flaw in Mozilla Firefox could allow an attacker to access local files with the permissions of the user running Firefox. Public exploits exist for this issue, including as part of Metasploit, and targeting Linux systems.
This issue affected Firefox shipped with versions of Red Hat Enterprise Linux and updates were available the next day after the issue was public.
Firefox add-on permission warning (August 2015) CVE-2015-4498:
Mozilla Firefox normally warns a user when trying to install an add-on if initiated by a web page. A flaw allowed this dialog to be bypassed.
This issue affected Firefox shipped with Red Hat Enterprise Linux versions and updates were available the same day as the issue was public.
Conclusion
The issues examined in this report were included because they were meaningful. This includes the issues that are of a high severity and are likely to be easy to exploit (or already have a public working exploit), as well as issues that were highly visible or branded (with a name or logo), regardless of their severity.
Between 1 April 2015 and 31 October 2015 for every Red Hat product there were 39 Critical Red Hat Security Advisories released, addressing 192 Critical vulnerabilities. Aside from the issues in this report which were rated as having Critical security impact, all other issues with a Critical rating were part of Red Hat Enterprise Linux products and were browser-related: Firefox, Chromium, Adobe Flash, and Java (due to the browser plugin).
Our dedicated Product Security team continue to analyse threats and vulnerabilities against all our products every day, and provide relevant advice and updates through the Customer Portal. Customers can call on this expertise to ensure that they respond quickly to address the issues that matter. Hear more about vulnerability handling in our upcoming virtual event: Secure Foundations for Today and Tomorrow.
Nmap Port Scanner 6.49BETA6
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
pyClamd 0.3.16
pyClamd is a Python interface to Clamd (the ClamAV daemon). By using pyClamd, you can add virus detection capabilities to your Python software in an efficient and easy way. Unlike pyClamav, which uses libclamav, pyClamd may be used by a closed-source product.
Monster Menus – Access Bypass – Moderately Critical – SA-CONTRIB-2015-163
- Advisory ID: DRUPAL-SA-CONTRIB-2015-163
- Project: Monster Menus (third-party module)
- Version: 7.x
- Date: 2015-November-04
- Security risk: 12/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
- Vulnerability: Access bypass
Description
Monster Menus is a hierarchical menu tree, which provides highly scalable, granular permissions for all pages within a site.
The module includes an option to remove nodes from view (add them to a “recycle bin”) rather than deleting them outright. When a node has been put into a bin using an affected version of the module, it remains visible via a seldom-used URL pattern to the users to whom it had been visible previously, when it was outside of the recycle bin.
This vulnerability is mitigated by the facts that:
- Sites which do not use the recycle bin feature are not vulnerable.
- The exposed node is no more accessible than it had been before being placed into the recycle bin. If the node could not be read by a particular user while it was on the regular page, it would still be unreadable by that user when in the recycle bin.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Monster Menus versions 7.x-1.21 through 7.x-1.23.
Drupal core is not affected. If you do not use the contributed Monster Menus module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Monster Menus module for Drupal 7.x, upgrade to Monster Menus 7.x-1.24.
Also see the Monster Menus project page.
Reported by
Fixed by
- Dan Wilga, the module maintainer
Coordinated by
- Greg Knaddison of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Piwik 2.14.3 PHP Object Injection
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.
Piwik 2.14.3 Local File Inclusion
Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability.
ATutor 2.2 PHP Code Injection
ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.
ATutor 2.2 Cross Site Scripting
ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.
ATutor 2.2 Session Variable Overloading
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.
