Chat Room – Moderately Critical – Access Bypass – SA-CONTRIB-2015-169

Description

Chat Room enables site owners to integrate chats into nodes by adding the chat room field to them. The module relies on a websocket connection to send chat messages to the client.

The module doesn’t sufficiently validate access before setting up the websocket. As a result, users may receive messages from chat rooms they don’t have access to via the websocket.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Chat Room 7.x-2.x versions prior to 7.x-2.2.

Drupal core is not affected. If you do not use the contributed Chat Room module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Chat Room project page.

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

CVE-2015-8024

McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username “NGCP|NGCP|NGCP;” and any password.

Mollom – Critical – Access bypass – SA-CONTRIB-2015-168

Description

The Mollom module allows users to protect their website from spam. As part of the spam protection, Mollom enables the website administrator to create a blacklist. When content is submitted that matches terms on the blacklist, it will be automatically marked as spam and rejected per the site configuration.

The module doesn’t sufficiently check for access when accessing or modifying the blacklist for the site. This enables a potential attacker to add, update, or remove their own terms to a site-wide blacklist. The potential exists for an attacker to remove existing blacklist terms which could allow their content to be accepted onto the site.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Mollom 6.x-2.x versions from 6.x-2.7 through 6.x-2.14.

This does not affect the modules for Drupal 7 or Drupal 8.

Drupal core is not affected. If you do not use the contributed Mollom module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Mollom project page.

RESTful – Less Critical – Access bypass – SA-CONTRIB-2015-167

Description

RESTful module allows Drupal to be operated via RESTful HTTP requests, using best practices for security, performance, and usability.

The module doesn’t sufficiently validate some user input. Specific code could be run arbitrarily by an attacker in certain circumstances.

This vulnerability is mitigated by the fact that only sites with a custom implementation of methods from a specific class are affected. Also, that custom code would need to affect data or impact the site in some way.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • RESTful 7.x-1.x versions prior to 7.x-1.6.

Drupal core is not affected. If you do not use the contributed RESTful module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the RESTful 7.x-1.x module for Drupal 7.x, upgrade to RESTful 7.x-1.6

Also see the RESTful project page.

How Christmas lights and other appliances slow down your Wi-Fi

You know the routine: you’re sat at home, trying to relax by watching a series online or by trying to get some work done. However, your Wi-Fi connection that you pay so much for is slow, unreliable, and likely doesn’t reach every part of your home with a signal strength that you’d like.

So, what is the problem? You’ve called the provider and they’ve confirmed that the connection is working as it should be and you have made sure to close unnecessary tabs to ensure you’re not taxing the signal too much. Still, you find yourself having to strategically locate yourself around the house to get the best signal possible.

If this sounds familiar, then the problem may be less to do with your router, and more to do with your home and the objects, or barriers, that are in it. Following a study by Ofcom, a UK regulator, which stated that Christmas fairy lights could be behind slower Internet speeds in the home, we’ve laid out a few of the main causes for interference with your Internet connection… and some of them may be surprising to you!

Reasons why your home Wi-Fi signal is slow and how to improve it

1. Household appliances

Microwaves are the worst of the lot: a microwave oven is basically a metal box that, when turned on, uses high-powered microwaves at around 2.4GHz (the same frequency as Wi-Fi), creating a black hole around it for Wi-Fi signals.

Other culprits include ovens, freezers, fridges, washing machines, dishwashers… you name it. If it’s metal and has liquid-filled pipes in it, it’s going to kill your Wi-Fi signal.

2. Cordless telephones, televisions, speakers

In most cases people have their router placed near the telephone, which is hard to avoid, but they both work off the same frequency and this can prove to be detrimental.

The same goes for televisions, which on their own aren’t bad, but when placed directly near a router have a negative effect on its performance. The same goes for speakers, which are basically just electromagnets.

3. Piping and insulation

These are pretty much unavoidable in the home, but water-filled pipes absorb any signals and insulation pretty much does as its name suggests, and insulates a room from external forces, including Wi-Fi signals.

4. Your neighbor’s router

Depending on how close your router is to someone else’s, there can be a direct effect on its performance. This might prove to be even more problematic if you live in an apartment, as you could be exposed to different signals from all sides. This means that the more interference that there is, the more your router ups its broadcasting, which causes your neighbor’s router to do the same… which just perpetuates the problem.

5. Humans

Yes, you too are a problem! We humans are a fantastic absorber of Wi-Fi, so that’s also something to keep in mind when lamenting the poor performance of your internet connection.

Luckily, there are a few things you can do to try and improve your Wi-Fi, but short of turning your home into a Faraday shield which would also mean no telephone or FM connection, none will guarantee a perfect signal strength.

6. Place your router in the center of your home

A router transmits the signal in all directions, so it makes sense to have it at the center of the home. Unfortunately this isn’t always possible due to the cables that come with it.

7. Check your cables

In general, a shorter and higher quality cable will mean a faster connection speed. Also, it is better to use Ethernet cables from your modem to a separate router than run long phone cables.

8. Invest in a new router

There’s no need to break the bank on a new, fancy router, but some of the newer ones on the market offer a notable boost in signal and speed.

9. Change your Wi-Fi channel

Your router may do this automatically, but if you change your Wi-Fi channel you may find that there is less interference from other routers near to you. Any two channels separated by five or more do not overlap.

As always, we recommend you take precautions to ensure that not only is your Wi-Fi connection working to the best of its abilities, but that your privacy is also secure, so always use a good Wi-Fi protector and monitor to ensure that nobody can access your network.

The post How Christmas lights and other appliances slow down your Wi-Fi appeared first on MediaCenter Panda Security.

Debian Security Advisory 3410-1

Debian Linux Security Advisory 3410-1 – Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail client. Integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

Debian Security Advisory 3409-1

Debian Linux Security Advisory 3409-1 – A memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence was discovered in PuTTY’s terminal emulator. A remote attacker can take advantage of this flaw to mount a denial of service or potentially to execute arbitrary code.