USN-2891-1: QEMU vulnerabilities

Ubuntu Security Notice USN-2891-1

3rd February, 2016

qemu, qemu-kvm vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

  • qemu-kvm
    – Machine emulator and virtualizer

Details

Qinghao Tang discovered that QEMU incorrectly handled PCI MSI-X support. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-7549)

Lian Yihan discovered that QEMU incorrectly handled the VNC server. A
remote attacker could use this issue to cause QEMU to crash, resulting in a
denial of service. (CVE-2015-8504)

Felix Wilhelm discovered a race condition in the Xen paravirtualized
drivers which can cause double fetch vulnerabilities. An attacker in the
paravirtualized guest could exploit this flaw to cause a denial of service
(crash the host) or potentially execute arbitrary code on the host.
(CVE-2015-8550)

Qinghao Tang discovered that QEMU incorrectly handled USB EHCI emulation
support. An attacker inside the guest could use this issue to cause QEMU to
consume resources, resulting in a denial of service. (CVE-2015-8558)

Qinghao Tang discovered that QEMU incorrectly handled the vmxnet3 device.
An attacker inside the guest could use this issue to cause QEMU to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8567, CVE-2015-8568)

Qinghao Tang discovered that QEMU incorrectly handled SCSI MegaRAID SAS HBA
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8613)

Ling Liu discovered that QEMU incorrectly handled the Human Monitor
Interface. A local attacker could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8619, CVE-2016-1922)

David Alan Gilbert discovered that QEMU incorrectly handled the Q35 chipset
emulation when performing VM guest migrations. An attacker could use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 15.10. (CVE-2015-8666)

Ling Liu discovered that QEMU incorrectly handled the NE2000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2015-8743)

It was discovered that QEMU incorrectly handled the vmxnet3 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2015-8744, CVE-2015-8745)

Qinghao Tang discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2016-1568)

Donghai Zhu discovered that QEMU incorrectly handled the firmware
configuration device. An attacker inside the guest could use this issue to
cause a denial of service, or possibly execute arbitrary code on the host
as the user running the QEMU process. In the default installation, when
QEMU is used with libvirt, attackers would be isolated by the libvirt
AppArmor profile. (CVE-2016-1714)

It was discovered that QEMU incorrectly handled the e1000 device. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2016-1981)

Zuozhi Fzz discovered that QEMU incorrectly handled IDE AHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 15.10.
(CVE-2016-2197)

Zuozhi Fzz discovered that QEMU incorrectly handled USB EHCI emulation. An
attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 15.10. (CVE-2016-2198)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  qemu-system-misc        1:2.3+dfsg-5ubuntu9.2
  qemu-system             1:2.3+dfsg-5ubuntu9.2
  qemu-system-aarch64     1:2.3+dfsg-5ubuntu9.2
  qemu-system-x86         1:2.3+dfsg-5ubuntu9.2
  qemu-system-sparc       1:2.3+dfsg-5ubuntu9.2
  qemu-system-arm         1:2.3+dfsg-5ubuntu9.2
  qemu-system-ppc         1:2.3+dfsg-5ubuntu9.2
  qemu-system-mips        1:2.3+dfsg-5ubuntu9.2

Ubuntu 14.04 LTS:
  qemu-system-misc        2.0.0+dfsg-2ubuntu1.22
  qemu-system             2.0.0+dfsg-2ubuntu1.22
  qemu-system-aarch64     2.0.0+dfsg-2ubuntu1.22
  qemu-system-x86         2.0.0+dfsg-2ubuntu1.22
  qemu-system-sparc       2.0.0+dfsg-2ubuntu1.22
  qemu-system-arm         2.0.0+dfsg-2ubuntu1.22
  qemu-system-ppc         2.0.0+dfsg-2ubuntu1.22
  qemu-system-mips        2.0.0+dfsg-2ubuntu1.22

Ubuntu 12.04 LTS:
  qemu-kvm                1.0+noroms-0ubuntu14.27

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes: a running guest keeps executing
the qemu binary that was loaded when it was started, so the upgrade does not
take effect for that guest until it is shut down and started again.

References

CVE-2015-7549, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567,
CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8666, CVE-2015-8743,
CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922,
CVE-2016-1981, CVE-2016-2197, CVE-2016-2198


‘Instagram for Doctors’ app could risk your privacy

A social networking app called ‘Figure 1’ dubbed the ‘Instagram for doctors’, allows medical professionals to share photos and comments of interesting or baffling clinical cases with the goal of providing advice, education, and treatment options. But does it put patient privacy at risk?

Anyone can download the app and view the material posted on the platform, but only healthcare professionals can post images or make comments.

Any images posted to Figure 1 must have any physical details that could identify patients (faces, tattoos, piercings etc.) obscured or removed using the in-app tools. According to Figure 1, these images are then reviewed by moderators to verify that all identifying information has been properly removed.

However, while the in-app tools help maintain patient anonymity, there may be situations where a patient's symptoms are so unique that the patient could be identified from them alone, even with every visible identifier removed.

Figure 1 claims to take patient privacy extremely seriously; however, Dr Landy, the creator of the app, admitted that control of the patient consent process is out of their hands. It remains the responsibility of the medical professional or institution.

Risks and concerns

The question of data security is all important in this particular case, because a data breach could be personally damaging for patients, and financially costly for medical practitioners and institutions alike.

As a patient, here are four questions you might like to ask your health care provider.

  • What assurances do you have that your data is being handled appropriately?
  • If your privacy is relying on any kind of human moderator, who’s watching the moderators?
  • How is your personally identifiable data securely disposed of, and when?
  • Does your provider have suitable data breach prevention policies, and are all their employees familiar with them?

Even though some companies and their employees may have the best intentions for their customers, not having proper measures in place can result in actions that have serious implications — as was the case with the 56 Dean Street clinic in London.

The Figure 1 app is an example of how technology can democratize knowledge to improve the speed and delivery of essential information that can make a real difference to people’s lives.

However, technologies that handle extremely confidential information must be tempered with the right controls to avoid privacy breaches at all costs.

 

A tale of openssl_seal(), PHP and Apache2handle

Posted by s3810 on Feb 03

Hey folks,

openssl_seal() [4] is prone to using uninitialized memory, which can be
turned into code execution. This document describes the technical details of
our journey to hijack apache2 requests.

What the heck is openssl_seal()?

[…]
int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids [,
string $method = "RC4" ] )

openssl_seal() seals (encrypts) data by using the given…

Apple Software Update 2.1.3 (Windows) Remote Command Execution.

Posted by Rio Sherri on Feb 03

Apple Software Update is a utility to update Apple software on Windows
machines. The update process uses this kind of architecture.
First the software makes a request to
http://swcatalog.apple.com/content/catalogs/others/index-windows-1.sucatalog
This returns an XML file containing the URLs of ".dist" files, and there were
some more interesting things

<key>Packages</key>
<array>
<dict>
<key>URL</key>…