Monthly Archives: February 2016

Redhat

RHSA-2016:0241-1: Important: chromium-browser security update

Leave a comment

Red Hat Enterprise Linux: Updated chromium-browser packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627

Ubuntu

USN-2855-2: Samba regression

Leave a comment

Ubuntu Security Notice USN-2855-2

16th February, 2016

samba regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

USN-2855-1 introduced a regression in Samba.

Software description

  • samba
    – SMB/CIFS file, print, and login server for Unix

Details

USN-2855-1 fixed vulnerabilities in Samba. The upstream fix for
CVE-2015-5252 introduced a regression in certain specific environments.
This update fixes the problem.

Original advisory details:

Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handled
certain packets. A remote attacker could use this issue to cause the LDAP
server to stop responding, resulting in a denial of service. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.
(CVE-2015-3223)

Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. A
remote attacker could use this issue to access files outside the exported
share path. (CVE-2015-5252)

Stefan Metzmacher discovered that Samba did not enforce signing when
creating encrypted connections. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. (CVE-2015-5296)

It was discovered that Samba incorrectly performed access control when
using the VFS shadow_copy2 module. A remote attacker could use this issue
to access snapshots, contrary to intended permissions. (CVE-2015-5299)

Douglas Bagnall discovered that Samba incorrectly handled certain string
lengths. A remote attacker could use this issue to possibly access
sensitive information. (CVE-2015-5330)

It was discovered that the Samba LDAP server incorrectly handled certain
packets. A remote attacker could use this issue to cause the LDAP server to
stop responding, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-7540)

Andrew Bartlett discovered that Samba incorrectly checked administrative
privileges during creation of machine accounts. A remote attacker could
possibly use this issue to bypass intended access restrictions in certain
environments. This issue only affected Ubuntu 14.04 LTS, Ubuntu 15.04 and
Ubuntu 15.10. (CVE-2015-8467)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
samba

2:4.1.17+dfsg-4ubuntu3.2
Ubuntu 14.04 LTS:
samba

2:4.1.6+dfsg-1ubuntu2.14.04.12
Ubuntu 12.04 LTS:
samba

2:3.6.3-2ubuntu2.14

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1545750

Ubuntu

USN-2899-1: LibreOffice vulnerabilities

Leave a comment

Ubuntu Security Notice USN-2899-1

16th February, 2016

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

  • libreoffice
    – Office productivity suite

Details

It was discovered that LibreOffice incorrectly handled LWP document files.
If a user were tricked into opening a specially crafted LWP document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
libreoffice-core

1:5.0.5~rc2-0ubuntu2
Ubuntu 14.04 LTS:
libreoffice-core

1:4.2.8-0ubuntu4
Ubuntu 12.04 LTS:
libreoffice-core

1:3.5.7-0ubuntu10

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

CVE-2016-0794,

CVE-2016-0795

Ubuntu

USN-2900-1: GNU C Library vulnerability

Leave a comment

Ubuntu Security Notice USN-2900-1

16th February, 2016

eglibc, glibc vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

GNU C Library could be made to crash or run programs if it received
specially crafted network traffic.

Software description

  • eglibc
    – GNU C Library

  • glibc
    – GNU C Library

Details

It was discovered that the GNU C Library incorrectly handled receiving
responses while performing DNS resolution. A remote attacker could use this
issue to cause the GNU C Library to crash, resulting in a denial of
service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
libc6

2.21-0ubuntu4.1
Ubuntu 14.04 LTS:
libc6

2.19-0ubuntu6.7
Ubuntu 12.04 LTS:
libc6

2.15-0ubuntu10.13

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-7547

Hackers News

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

Leave a comment
glibc-linux-flaw

A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers that can take full control over them.

Just clicking on a link or connecting to a server can result in remote code execution (RCE), allowing hackers to steal credentials, spy on users, seize control of computers, and many more.
The vulnerability is similar to the last year’s GHOST vulnerability (CVE-2015-0235) that left countless machines vulnerable to remote code execution (RCE) attacks, representing a major Internet threat.
GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware.
The recent flaw, which is indexed as CVE-2015-7547, is a stack-based buffer overflow vulnerability in glibc’s DNS client-side resolver that is used to translate human-readable domain names, like google.com, into a network IP address.
The buffer overflow flaw is triggered when the getaddrinfo() library function that performs domain-name lookups is in use, allowing hackers to remotely execute malicious code.

How Does the Flaw Work?

The flaw can be exploited when an affected device or app make queries to a malicious DNS server that returns too much information to a lookup request and floods the program’s memory with code.
This code then compromises the vulnerable application or device and tries to take over the control over the whole system.
It is possible to inject the domain name into server log files, which when resolved will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.
However, an attacker need to bypass several operating system security mechanisms – like ASLR and non-executable stack protection – in order to achieve successful RCE attack.
Alternatively, an attacker on your network could perform man-in-the-middle (MitM) attacks and tamper with DNS replies in a view to monitoring and manipulating (injecting payloads of malicious code) data flowing between a vulnerable device and the Internet.

Affected Software and Devices

All versions of glibc after 2.9 are vulnerable. Therefore, any software or application that connects to things on a network or the Internet and uses glibc is at RISK.
The widely used SSH, sudo, and curl utilities are all known to be affected by the buffer overflow bug, and security researchers warn that the list of other affected applications or code is almost too diverse and numerous to enumerate completely.
The vulnerability could extend to a nearly all the major software, including:
  • Virtually all distributions of Linux.
  • Programming languages such as the Python, PHP, and Ruby on Rails.
  • Many others that use Linux code to lookup the numerical IP address of an Internet domain.
  • Most Bitcoin software is reportedly vulnerable, too.

Who are Not Affected

The good news is users of Google’s Android mobile operating system aren’t vulnerable to this flaw. As the company uses a glibc substitute known as Bionic that is not susceptible, according to a Google representative.
Additionally, a lot of embedded Linux devices, including home routers and various gadgets, are not affected by the bug because these devices use the uclibc library as it is more lightweight than hefty glibc.
The vulnerability was first introduced in May 2008 but was reported to the glibc maintainers July 2015.
The vulnerability was discovered independently by researchers at Google and Red Hat, who found that the vulnerability has likely not been publicly attacked.
The flaw was discovered when one of the Google’s SSH apps experienced a severe error called a segmentation fault each time it attempted to contact to a particular Internet address, Google’s security team reported in a blog post published Monday.

Where glibc went Wrong

Google researchers figured out that the error was due to a buffer overflow bug inside the glibc library that made malicious code execution attacks possible. The researchers then notified glibc maintainers.
Here’s what went wrong, according to the Google engineers:

“glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.”

“Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.”

Proof-of-Concept Exploit Released

Google bod Fermin J. Serna released a Proof-of-Concept (POC) exploit code on Tuesday.
With this POC code, you can verify if you are affected by this critical issue, and verify any mitigations you may wish to enact.

Patch glibc Vulnerability

Google researchers, working with security researchers at Red Hat, have released a patch to fix the programming blunder.
However, it is now up to the community behind the Linux OS and manufacturers, to roll out the patch to their affected software and devices as soon as possible.
For people running servers, fixing the issue will be a simple process of downloading and installing the patch update.
But for other users, patching the problem may not be so easy. The apps compiled with a vulnerable glibc version should be recompiled with an updated version – a process that will take time as users of affected apps have to wait for updates to become available from developers.
Meanwhile, you can help prevent exploitation of the flaw, if you aren’t able to immediately patch your instance of glibc, by limiting all TCP DNS replies to 1024 bytes, and dropping UDP DNS packets larger than 512 bytes.
For more in-depth information on the glibc flaw, you can read Red Hat blog post.