Monthly Archives: October 2015

Ubuntu

USN-2788-1: unzip vulnerabilities

Ubuntu Security Notice USN-2788-1

29th October, 2015

unzip vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

unzip could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • unzip
    – De-archiver for .zip files

Details

Gustavo Grieco discovered that unzip incorrectly handled certain password
protected archives. If a user or automated system were tricked into
processing a specially crafted zip archive, an attacker could possibly
execute arbitrary code. (CVE-2015-7696)

Gustavo Grieco discovered that unzip incorrectly handled certain malformed
archives. If a user or automated system were tricked into processing a
specially crafted zip archive, an attacker could possibly cause unzip to
hang, resulting in a denial of service. (CVE-2015-7697)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
unzip

6.0-17ubuntu1.1
Ubuntu 15.04:
unzip

6.0-13ubuntu3.1
Ubuntu 14.04 LTS:
unzip

6.0-9ubuntu1.4
Ubuntu 12.04 LTS:
unzip

6.0-4ubuntu2.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-7696,

CVE-2015-7697

Full Disclosure

Xen VM Escape

Posted by Alan Hikerell on Oct 30

Xen XSA-148(http://xenbits.xen.org/xsa/advisory-148.html) is the real VM
Escape Vulnerability

XSA-148 is public just now and it’s a memory management logic vulnerability
obviously.
The bulletin means that a micious PV DomU could enable PS/RW flag of its
PDE to read/write the 2M page.
So, if a attacker prepare a page table at the 2M page, he could use the
vulnerability to modify the PT.
Finally, this vulnerability changes to a arbitrary…

Full Disclosure

Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE

Posted by Stefan Kanthak on Oct 30

Hi @ll,

Mozilla’s (executable) full setup packages for Windows allow arbitrary
code execution resp. escalation of privilege: their SETUP.EXE loads
SHFOLDER.DLL [‘] from a temporary (sub)directory “%TEMP%7zS<hex>.tmp”
created during self-extraction of the full setup packages.

This vulnerability is well-known, every developer past absolute beginner
should know about it: <…

Full Disclosure

Pligg CMS 2.0.2: Directory Traversal

Posted by CRT on Oct 30

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: Directory Traversal
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Vulnerability…

Full Disclosure

Pligg CMS 2.0.2: Multiple SQL Injections

Posted by CRT on Oct 30

Security Advisory – Curesec Research Team

1. Introduction

Affected Product: Pligg CMS 2.0.2
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Website: http://pligg.com/
Vulnerability Type: SQL Injection
Remote Exploitable: Yes
Reported to vendor: 09/01/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH

2. Overview

There are…