Entire Portfolio of Award Winning Content and Network Security Products Now Being Offered As Virtualized Solutions
WatchGuard Goes Virtual with Security
All posts by 007admin
SA-CORE-2012-002 – Drupal core multiple vulnerabilities
- Advisory ID: DRUPAL-SA-CORE-2012-002
- Project: Drupal core
- Version: 7.x
- Date: 2012-May-2
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect
Description
Denial of Service
CVE: CVE-2012-1588
Drupal core’s text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal’s text matching was found to be inefficient with certain specially crafted strings. This vulnerability is mitigated by the fact that users must have the ability to post content sent to the filter system such as a role with the “post comments” or “Forum topic: Create new content” permission.
Unvalidated form redirect
CVE: CVE-2012-1589
Drupal core’s Form API allows users to set a destination, but failed to validate that the URL was internal to the site. This weakness could be abused to redirect the login to a remote site with a malicious script that harvests the login credentials and redirects to the live site. This vulnerability is mitigated only by the end user’s ability to recognize a URL with malicious query parameters to avoid the social engineering required to exploit the problem.
Access bypass – forum listing
CVE: CVE-2012-1590
Drupal core’s forum lists fail to check user access to nodes when displaying them in the forum overview page. If an unpublished node was the most recently updated in a forum then users who should not have access to unpublished forum posts were still be able to see meta-data about the forum post such as the post title.
Access bypass – private images
CVE: CVE-2012-1591
Drupal core provides the ability to have private files, including images, and Image Styles which create derivative images from an original image that may differ, for example, in size or saturation. Drupal core failed to properly terminate the page request for cached image styles allowing users to access image derivatives for images they should not be able to view. Furthermore, Drupal didn’t set the right headers to prevent image styles from being cached in the browser.
Access bypass – content administration
CVE: CVE-2012-2153
Drupal core provides the ability to list nodes on a site at admin/content. Drupal core failed to confirm a user viewing that page had access to each node in the list. This vulnerability only concerns sites running a contributed node access module and is mitigated by the fact that users must have a role with the “Access the content overview page” permission. Unpublished nodes were not displayed to users who only had the “Access the content overview page” permission.
Versions affected
- Drupal core 7.x versions prior to 7.13.
Solution
Install the latest version:
- If you use Drupal 7.x, upgrade to Drupal core 7.13
Also see the Drupal core project page.
Reported by
- The Denial of Service vulnerability was reported by Jay Wineinger and Lin Clark.
- The unvalidated form redirect vulnerability was reported by Károly Négyesi of the Drupal Security Team and Katsuhiko Nakanishi.
- The access bypass in forum listing vulnerability was reported by Glen W.
- The access bypass for private images vulnerability was reported by frega, Andreas Gonell, Jeremy Meier and Xenza.
- The access bypass for the content administration vulnerability was reported by Jennifer Hodgdon.
Fixed by
- The Denial of Service was fixed by Károly Négyesi of the Drupal Security Team.
- The unvalidated form redirect was fixed by Wolfgang Ziegler and Stéphane Corlosquet of the Drupal Security Team.
- The access bypass in forum listing was fixed by Michael Hess of the Drupal Security Team, Ben Jeavons of the Drupal Security Team and xjm.
- The Access bypass for private images was fixed by Károly Négyesi of the Drupal Security Team, Damien Tournoud of the Drupal Security Team, Greg Knaddison of the Drupal Security Team, Stéphane Corlosquet of the Drupal Security Team, Xenza and frega.
- The Access bypass for content administration was fixed by Jennifer Hodgdon.
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Drupal version:
Oracle Security Alert for CVE-2012-1675
[BSA-069] Security Update for NGINX
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi.
I uploaded new packages for nginx which fixed the following security
problems:
CVE-2012-2089 - nginx -- arbitrary code execution in mp4
pseudo-streaming module
A flaw was reported in the nginx standard mp4 pseudo-streaming module. A
specially-crafted mp4 file could allow for the overwriting of memory
locations in a worker process if ngx_http_mp4_module were used. This
could potentially result in arbitrary code execution with the privileges
of the unprivileged nginx user.
This has been corrected in upstream 1.0.15 and 1.1.9 versions, and only
affected versions newer than 1.1.3 and 1.0.7 when built with the
ngx_http_mp4_module and had the "mp4" directive set in the configuration
file.
For the squeeze-backports distribution the problems have been fixed in
version
1.1.19-1~bpo60+1
For wheezy (testing) and sid (unstable) this was fixed in version
1.1.19-1
Squeeze (stable) is not vulnerable to this security issue.
Thanks.
- --
Cyril "Davromani
WordPress 3.3.2 (and WordPress 3.4 Beta 3)
WordPress 3.3.2 is available now and is a security update for all previous versions.
Three external libraries included in WordPress received security updates:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.
WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.
Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.
WordPress 3.4 Beta 3 also available
Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)
This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!
Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.
Oracle Critical Patch Update (CPU) Advisory – April 2012
CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. (CVSS:6.9) (Last Update:2013-09-17)
[ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released
Apache HTTP Server 2.4.2 Released
The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.2 of the Apache
HTTP Server ("Apache"). This version of Apache is our 2nd GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This version of Apache is
principally a security and bug fix release, including the following
security fix:
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could
lead to the current working directory to be searched for DSOs.
Apache HTTP Server 2.4.2 is available for download from:
http://httpd.apache.org/download.cgi
Apache 2.4 offers numerous enhancements, improvements, and performance
boosts over the 2.2 codebase. For an overview of new features
introduced since 2.4 please see:
http://httpd.apache.org/docs/trunk/new_features_2_4.html
Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.4.2 includes only
those changes introduced since the prior 2.4 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
http://httpd.apache.org/security/vulnerabilities_24.html
This release requires the Apache Portable Runtime (APR) version 1.4.x
and APR-Util version 1.4.x. The APR libraries must be upgraded for all
features of httpd to operate correctly.
This release builds on and extends the Apache 2.2 API. Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and require minimal or no source code changes.
http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING
When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.
NOTE to Windows users: AcceptFilter None has replaced Win32DisableAcceptEx
and the feature appears to have interoperability issues with mod_ssl.
Apache 2.4.2 may not yet be suitable for all Windows servers. There
is not yet a Windows binary distribution of httpd 2.4, but this is
expected to be remedied soon as various dependencies graduate from
beta to GA.
å”å文化暨总è£æ™ºæ…§ï¼ˆEMBA)Courseé«˜çº§ç ”ä¿®ç邀请函
2012å¹´5月19-21日在桂林举办的ä¸åŽå…¨å›½ï¼ˆå«æ¸¯æ¾³å°ï¼‰ç¬¬ä¸€å±Šå”å文化暨总è£æ™ºæ…§ï¼ˆEMBA)Courseé«˜çº§ç ”ä¿®ç,å‘您郑é‡å‘出邀请,直接点击链接http://www.zhkzwhyj.com/yjy/html/?85.html或登录“ä¸åŽå”åæ–‡åŒ–ç ”ç©¶ä¼šâ€å®˜ç½‘:http://www.zhkzwhyj.com查看详情。ç¥æ‚¨å‰ç¥¥å®‰åº·ï¼Œä¸‡äº‹å¦‚æ„ï¼
[BSA-070] Security Update for samba
I uploaded new packages for samba which fixed the following security problem: CVE-2012-1182 PIDL based autogenerated code allows overwriting beyond of allocated array. For the squeeze-backports distribution the problems have been fixed in version 2:3.6.4-1~bpo60+1.