Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Posted by Tim on Dec 30

Hi Erik,

Thanks for backing me up on a number of things. Only one response below.

The site you linked mentioned 64-bit block ciphers are vulnerable, even
in CTR mode. Obviously the birthday “paradox” applies. Regardless of
how right or wrong you are about Sweet32, this is far from the most
important thing *implementors* should be worried about. Obviously if
they start with AES, then the birthday paradox issues are vastly
reduced. Any…

CVE-2016-10082

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto

Posted by Erik Auerswald on Dec 29

Hi,

That is correct.

That is wrong. CBC mode allows attacks such as “Sweet32”
(https://sweet32.info/), which is not possible with CTR mode.

Correct again, but too simple-minded. Any encryption without integrity
protection does not provide confidentiality against an active attacker.
Using the wrong mode with a block cipher can render authentication
irrelevant in attacks on confidentiality.

That is sound advice. In addition, broken…

SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)

Posted by Dawid Golunski on Dec 29

Vulnerability:
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: CRITICAL

Desc:

Independent research uncovered a critical vulnerability in SwiftMailer that
could potentially be used by (unauthenticated) remote attackers to achieve
remote arbitrary code execution in the context of the web server user and
remotely compromise the target web…

Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege

Posted by Stefan Kanthak on Dec 29

Hi @ll,

the installers of SoftMaker’s FreeOffice 2016, “freeoffice2016.exe”,
available from <http://www.softmaker.net/down/freeoffice2016.exe>,
and its predecessor FreeOffice 2010, “freeofficewindows.exe”,
available from <http://www.softmaker.net/down/freeofficewindows.exe>,
are (surprise.-) vulnerable!

1. They load CABINET.DLL, MSI.DLL, VERSION.DLL and WINSPOOL.DRV from
their “application…

GRIZZLY STEPPE – Russian Malicious Cyber Activity

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.