Monthly Archives: February 2017

NVD

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a “forbidden attack.” NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.

NVD

CVE-2016-10212

Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a “forbidden attack,” a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.

NVD

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiWLC allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.

NVD

CVE-2016-10213

A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a “forbidden attack,” a similar issue to CVE-2016-0270.

Drupal

Facebook Pull – Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2017-011

Description

This module enables you to add integration with Facebook API.

The module doesn’t sufficiently sanitize incoming data from Facebook.

This vulnerability is mitigated by the fact that an attacker must have be able to successfully pass malicious code through Facebook API or alter facebooks DNS and recreate API endpoints.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Facebook Pull versions prior to 7.x-3.1.

Drupal core is not affected. If you do not use the contributed Facebook Pull module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Facebook Pull project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 
Drupal 7.x
Drupal

Storage API stream wrappers – Moderately Critical – Access bypass – SA-CONTRIB-2017-010

Description

This module provides stream wrappers to integrate Storage API with Drupal, as an alternative to Storage API’s core_bridge submodule.

It provides two stream wrappers: “Storage API Public” and “Storage API Private”.

The private storage API doesn’t sufficiently performs access control allowing anonymous users to access the private storage files.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Storage API stream wrappers 7.x-1.x versions prior to 7.x-1.1.

Drupal core is not affected. If you do not use the contributed Storage API stream wrappers module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Storage API stream wrappers project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal version: 
Drupal 7.x
NVD

CVE-2016-8419

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209.

NVD

CVE-2016-8420

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807.

NVD

CVE-2016-8421

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797.

NVD

CVE-2016-8476

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940.