Ubuntu

USN-2990-1: ImageMagick vulnerabilities

June 2, 2016 007admin

Ubuntu Security Notice USN-2990-1

2nd June, 2016

imagemagick vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in ImageMagick.

Software description

imagemagick
– Image manipulation programs and library

Details

Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly
sanitized untrusted input. A remote attacker could use these issues to
execute arbitrary code. These issues are known as “ImageTragick”. This
update disables problematic coders via the /etc/ImageMagick-6/policy.xml
configuration file. In certain environments the coders may need to be
manually re-enabled after making sure that ImageMagick does not process
untrusted input. (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716,
CVE-2016-3717, CVE-2016-3718)

Bob Friesenhahn discovered that ImageMagick allowed injecting commands via
an image file or filename. A remote attacker could use this issue to
execute arbitrary code. (CVE-2016-5118)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:: libmagick++-6.q16-5v5

8:6.8.9.9-7ubuntu5.1; imagemagick-common

8:6.8.9.9-7ubuntu5.1; imagemagick

8:6.8.9.9-7ubuntu5.1; imagemagick-6.q16

8:6.8.9.9-7ubuntu5.1; libmagickcore-6.q16-2

8:6.8.9.9-7ubuntu5.1
Ubuntu 15.10:: libmagick++-6.q16-5v5

8:6.8.9.9-5ubuntu2.1; imagemagick-common

8:6.8.9.9-5ubuntu2.1; imagemagick

8:6.8.9.9-5ubuntu2.1; imagemagick-6.q16

8:6.8.9.9-5ubuntu2.1; libmagickcore-6.q16-2

8:6.8.9.9-5ubuntu2.1
Ubuntu 14.04 LTS:: libmagick++5

8:6.7.7.10-6ubuntu3.1; imagemagick-common

8:6.7.7.10-6ubuntu3.1; libmagickcore5

8:6.7.7.10-6ubuntu3.1; imagemagick

8:6.7.7.10-6ubuntu3.1
Ubuntu 12.04 LTS:: imagemagick-common

8:6.6.9.7-5ubuntu3.4; libmagickcore4

8:6.6.9.7-5ubuntu3.4; imagemagick

8:6.6.9.7-5ubuntu3.4; libmagick++4

8:6.6.9.7-5ubuntu3.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Ubuntu

USN-2991-1: nginx vulnerability

June 2, 2016 007admin

Ubuntu Security Notice USN-2991-1

2nd June, 2016

nginx vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS
Ubuntu 15.10
Ubuntu 14.04 LTS

Summary

nginx could be made to crash if it received specially crafted network
traffic.

Software description

nginx
– small, powerful, scalable web/proxy server

Details

It was discovered that nginx incorrectly handled saving client request
bodies to temporary files. A remote attacker could possibly use this issue
to cause nginx to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:: nginx-extras

1.10.0-0ubuntu0.16.04.2; nginx-full

1.10.0-0ubuntu0.16.04.2; nginx-core

1.10.0-0ubuntu0.16.04.2; nginx-light

1.10.0-0ubuntu0.16.04.2
Ubuntu 15.10:: nginx-extras

1.9.3-1ubuntu1.2; nginx-full

1.9.3-1ubuntu1.2; nginx-core

1.9.3-1ubuntu1.2; nginx-light

1.9.3-1ubuntu1.2
Ubuntu 14.04 LTS:: nginx-extras

1.4.6-1ubuntu3.5; nginx-full

1.4.6-1ubuntu3.5; nginx-core

1.4.6-1ubuntu3.5; nginx-light

1.4.6-1ubuntu3.5

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-4450

NVD

CVE-2016-1370

June 2, 2016 007admin

Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324.

NVD

CVE-2016-1388

June 2, 2016 007admin

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.

Full Disclosure

Multiple XSS in Babylon

June 2, 2016 007admin

Posted by Francisco Javier Santiago Vázquez on Jun 02

I. VULNERABILITY
————————-
Vulnerability Cross-Site Scripting (XSS)

II. PROOF OF CONCEPT
————————-*URL: *

1. http://espanol.babylon-software.com/bht/index.html?trid=
2. http://traductor.babylon-software.com/ingles/a-espanol/
3. http://traduccion.babylon-software.com/?trid=

*Vector:* <img src=1 onerror=alert(“n0ipr0cs”);>/

*State:* unpathed

III. SYSTEMS AFFECTED…

Full Disclosure

rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion

June 2, 2016 007admin

Posted by Gregory Pickett on Jun 02

Title
===================
rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion

Summary
===================
rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in
/lib/crud/downloadFile.php. downloadFile.php allows authenticated users to download any file on the server.

Affected Products
===================
rConfig 3.1.1 and earlier…

Full Disclosure

XML External Entity XXE vulnerability in OpenID component of Liferay

June 2, 2016 007admin

Posted by Sandro Gauci on Jun 02

# XML External Entity XXE vulnerability in OpenID component of Liferay

– Author: Sandro Gauci <sandro () enablesecurity com>
– Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
– Liferay reference: LPS-58014
– Advisory URL:
<https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay-xxe>
– Timeline:
– Report date: March 16 2015
– Liferay patch: August 26 2015
– Liferay advisory: January 18…

Full Disclosure

Force allow access button to Bypass windows firewall

June 2, 2016 007admin

Posted by Raiden lol on Jun 02

Title: Force allow access to Bypass windows firewall
Vulnerability: Missing Authorization
Wednesday, May 18, 2016
Credit: CoolerVoid

Technical Details
===========
Windows has the function *SendInput()*
<https://msdn.microsoft.com/pt-br/library/windows/desktop/ms646310%28v=vs.85%29.aspx>
to
simulate a keystroke. This function accepts as argument an array of INPUT
structures. The INPUT structures can be either a mouse or a keyboard event….

Full Disclosure

Nagios XI Multiple Vulnerabilities

June 2, 2016 007admin

Posted by Francesco Oddo on Jun 02

( , ) (,
. ‘.’ ) (‘. ‘,
). , (‘. ( ) (
(_,) .’), ) _ _,
/ _____/ / _ ____ ____ _____
____ ==/ /_ _/ ___/ _ /
/ / | \ __( <_> ) Y Y
/______ /___|__ / ___ >____/|__|_| /
/ /.-. / /:wq
(x.0)
‘=.|w|.=’
_=”””=….

Security

EMC Isilon OneFS Privilege Escalation

June 2, 2016 007admin

EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Versions 7.1.0.x, 7.1.1.x, 7.2.0.x, and 7.2.1.x are affected.

007 Software

Monthly Archives: June 2016

USN-2990-1: ImageMagick vulnerabilities

Ubuntu Security Notice USN-2990-1

imagemagick vulnerabilities

Summary

Software description

Details

Update instructions

References

USN-2991-1: nginx vulnerability

Ubuntu Security Notice USN-2991-1

nginx vulnerability

Summary

Software description

Details

Update instructions

References

CVE-2016-1370

CVE-2016-1388

Multiple XSS in Babylon

rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion

XML External Entity XXE vulnerability in OpenID component of Liferay

Force allow access button to Bypass windows firewall

Nagios XI Multiple Vulnerabilities

EMC Isilon OneFS Privilege Escalation

Software and Security Information