Ubuntu Security Notice USN-2613-1

Ubuntu Security Notice 2613-1 – Vincent Tondellier discovered an integer overflow in the Linux kernel’s netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of the targeted system). Jan Beulich discovered that the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). Various other issues were also addressed.

CEBA-2015:1019 CentOS 6 fence-agents BugFix Update

CentOS Errata and Bugfix Advisory 2015:1019 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1019.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
4ad03d85c413e46805537c6aeadf30d0f6a4aa8f93ee6c862001da78dc1d532e  fence-agents-3.1.5-48.el6_6.3.i686.rpm

x86_64:
0215191635e029610501a36e6c0f6e3b9102d6a5c41cfb02067c72e2ecf26353  fence-agents-3.1.5-48.el6_6.3.x86_64.rpm

Source:
98a416079169617bcb5a7b4846c3d19f1ebd8f81b51a59ae3ce26e2ba0692f12  fence-agents-3.1.5-48.el6_6.3.src.rpm



CEBA-2015:1018 CentOS 6 lvm2 BugFix Update

CentOS Errata and Bugfix Advisory 2015:1018 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1018.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




Help protect your family with AVG’s new VPN from Privax

As a father of three, I understand the difficulty of raising children in an increasingly online world. This first-hand experience made it even more pleasing to stand in the offices of AVG’s newest acquisition, a privacy and protection technology company called Privax, and to welcome all their employees officially to AVG.

Privax is behind a fantastic service called HMA! Pro which is a virtual private network (VPN) product that allows consumers to connect their mobile and desktop devices to the Internet securely and privately. It’s a great tool to ensure that personal data remains just that – personal data. VPNs give people more control over what information about themselves they are comfortable sharing and what they would prefer to keep to themselves when communicating, purchasing or searching online.

AVG understands that you are concerned about your privacy and this acquisition is part of our continued commitment to offering the best protection and privacy products available. It’s our goal to give you peace of mind when you go online on your mobile as well as your desktop devices. You’ve told us that you value choice when managing your own privacy settings, and for those with families, this is even more important as you look to protect your children online.

Research we carried out earlier this year with the Mobile Ecosystem Forum showed that 49% of people surveyed in 10 countries said trust prevented them from downloading or buying online, or using some or all apps from their mobile device. We also found that 72% were not happy sharing personal data with apps – compared with 65% last year.

Therefore, at Mobile World Congress earlier this year, our CEO, Gary Kovacs, made a public commitment to provide smart tools to help our customers reassert their privacy. This acquisition takes us one step further towards fulfilling this promise.


Customers can already use our existing privacy services including AVG PrivacyFix and the Do Not Track feature of our secure search. Privax’s HMA! Pro will give you another option by helping you enjoy your favorite online activities in a safe and private environment that you can tailor to your personal sharing preferences and without compromising your privacy.

Has a plane been hacked mid-flight?

The FBI is investigating Chris Roberts, a security researcher, who claims to have taken control of an aircraft in midflight and made it drift sideways by controlling one of the engines. All this from a passenger seat and a connection through the entertainment system located under a seat.

Chris Roberts, who has demonstrated hacking many devices at Blackhat conferences, denies the claim and has tweeted

 

The FBI is reported to have interviewed Roberts a number of times in a recently published article on APTN, a Canadian news outlet. According to the article Roberts claimed he took control of an aircraft

Just one month ago, a GAO report warned of a vulnerability on aircraft where they claim that the avionics could be accessed through the entertainment system as they are connected through a common infrastructure. The GAO report was widely disputed by many industry experts as I detailed in a previous blog post.

This second incident has made me revisit the topic and makes me question whether or not I will be safe on my next flight. Once again, my conclusion is that I am. Here’s why:

  • The original conclusion that the two networks are not connected was based on expert commentary from Dr. Phil Polstra, a qualified pilot and professor of digital forensics at Bloomsburg University.
  • There is speculation that newer aircraft, specifically the Boeing 787 Dreamliner, may have a single onboard network, but experts say that even on these aircraft the flow of data is one way, from the cockpit to the passenger network, and that no traffic can flow in the opposite direction. This has been a speculative issue for the last 7 years; see this Fox News story.
  • The aircraft that Roberts reportedly hacked was ‘older’ and had the standard of separate networks for avionics and entertainment, which would imply that the hack may not have happened at all and may have just been a bit of bragging.
  • Since this story took to the mainstream press last month, I am certain that manufacturers of aircraft have tested and re-tested the security of the avionics systems and, if necessary, made the necessary changes. In fact, Roberts may have made the systems even more secure with just the rumor of a hack.
  • Lastly, aircraft are fitted with the ability for the pilot to take manual control and fly by wire; this is done through a disconnect switch in the cockpit. In the remote possibility that someone did manage to mess with the avionics, I would trust one of the pilots to take control.

 

While there may be doubt, speculation and differing views, there are many other systems that could potentially be hacked to disrupt a flight, such as air traffic control systems or satellite positioning systems. These could be attacked from the ground and would not require a hacker to be on board. It seems far more likely to me that these would be the target of a person with malicious intent.

Will I be boarding an aircraft soon? Yes, next week. If the person sitting next to me gets out a screwdriver and starts taking his seat apart to access network cables, I will call the crew over and ask them to inform the pilot. I trust you will do the same.

LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers

What it’s all about

The weaknesses that allow the so-called LogJam attack have to do with how Diffie-Hellman key exchange has been deployed. Diffie-Hellman key exchange is a popular cryptographic algorithm that allows internet protocols to agree on a shared key and negotiate a secure connection. Since it is fundamental to many protocols like HTTPS, SSH, IPsec and SMTPS, it is relatively widespread: about 8.4% of the top one million websites and an even bigger part of servers using IPv4 are affected by LogJam.

“Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections”, the team state.

According to the researchers, LogJam can be used to downgrade connections to 80% of TLS DHE_EXPORT servers. They also estimate that a skilled team can break a 768-bit prime and that, due to the available resources, a state-sponsored campaign could break the common 1024-bit prime.

This is especially scary since they estimate that a successful 1024-bit prime attack would allow for eavesdropping on up to 18% of the top one million HTTPS domains.

Their research paper goes even further: “Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?” How about that! It definitely opens up room for a lot of discussions.

As with FREAK, the vulnerability is actually quite old already. “To comply with 1990s-era U.S. export restrictions on cryptography, SSL 3.0 and TLS 1.0 supported reduced-strength DHE_EXPORT ciphersuites that were restricted to primes no longer than 512 bits”, the released paper reads.

What you can do

Luckily, the team has already been in touch with most of the browser developers, which means that fixes are either already available (namely for Internet Explorer) or will be very, very soon.

Make sure you have the most recent version of your web browser installed: Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack. If you run a web or mail server you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group.
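One way to check a server against the two pieces of advice above, as an added example that is not code from the original post or from the LogJam researchers: it reads the prime size out of a PKCS#3 "DH PARAMETERS" PEM block and lists export-grade suites in `openssl ciphers -v` style output. The function names are hypothetical, the sample moduli are constructed values of the right size (not real primes), and the two suite lines are constructed in the style of that command's output.

```python
import base64
import re

MIN_DH_BITS = 2048  # group size the advice above calls for

def _tlv(tag, body):
    """Encode one DER element, using the long length form when needed."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def make_dh_pem(p, g=2):
    """Build PKCS#3 DH parameters, SEQUENCE { p, g }, as PEM (sample input only)."""
    ints = [_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g)]
    der = _tlv(0x30, b"".join(ints))
    return "-----BEGIN DH PARAMETERS-----\n%s-----END DH PARAMETERS-----\n" % base64.encodebytes(der).decode()

def _read_tlv(buf, pos, tag):
    """Return (value, next_pos) for the DER element with the given tag at pos."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag 0x%02x" % buf[pos])
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Bit length of the prime p in a 'DH PARAMETERS' PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if m is None:
        raise ValueError("no DH PARAMETERS block found")
    seq, _ = _read_tlv(base64.b64decode(m.group(1)), 0, 0x30)
    p_bytes, _ = _read_tlv(seq, 0, 0x02)
    return int.from_bytes(p_bytes, "big").bit_length()

def export_suites(ciphers_v_output):
    """Names of export-grade suites in `openssl ciphers -v` style output."""
    rows = [line.split() for line in ciphers_v_output.splitlines()]
    return [f[0] for f in rows if f and (f[0].startswith("EXP") or f[-1] == "export")]

# Constructed inputs: the moduli only have the right size, they are not real primes.
WEAK_PEM = make_dh_pem((1 << 511) | 1)
GOOD_PEM = make_dh_pem((1 << 2047) | 1)
SUITES = """\
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
"""

if __name__ == "__main__":
    for label, pem in (("weak", WEAK_PEM), ("good", GOOD_PEM)):
        print(label, dh_prime_bits(pem), "bits; minimum is", MIN_DH_BITS)
    print("export suites still enabled:", export_suites(SUITES))
```

A size check says nothing about whether the group is unique to the server; a 2048-bit file copied from a distribution default still shares its prime with every other host using that default.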

More information on LogJam can be found on the dedicated page.

The post LogJam Vulnerability Threatens Thousands of HTTPS Websites & Mail Servers appeared first on Avira Blog.

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs

Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade 512-bit Diffie-Hellman cryptography. The most serious […]

CVE-2014-8924 (license_metric_tool, tivoli_asset_discovery_for_distributed)

The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.