USN-2845-1: SoS vulnerabilities

Ubuntu Security Notice USN-2845-1

17th December, 2015

sosreport vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

sosreport could be made to expose sensitive information or overwrite files
as the administrator.

Software description

  • sosreport
    – Set of tools to gather troubleshooting data from a system

Details

Dolev Farhi discovered an information disclosure issue in SoS. If the
/etc/fstab file contained passwords, the passwords were included in the
SoS report. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-3925)
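
An added example (not code from sosreport or from this notice) of the scrubbing that prevents this class of leak: password-bearing mount options are masked before a copy of fstab goes into a report. The option names, the user%password form and the sample fstab are assumptions constructed for illustration.

```python
import re

MASK = "********"
# Option keys treated as secret-bearing (assumed list, cifs/smbfs style).
_SECRET_OPT = re.compile(r"^(password|passwd|pass)=", re.IGNORECASE)
# Older mount.cifs accepted user=name%password; mask the part after '%'.
_USER_OPT = re.compile(r"^(user|username)=([^%]*)%.+$", re.IGNORECASE)

# Constructed sample input, not taken from any real system.
SAMPLE_FSTAB = (
    "# /etc/fstab (constructed sample)\n"
    "UUID=1111-2222 / ext4 errors=remount-ro 0 1\n"
    "//nas.example/share /mnt/share cifs username=backup,password=S3cr3t!,uid=1000 0 0\n"
    "//nas.example/old   /mnt/old   cifs user=backup%Hunter2,ro 0 0\n"
)

def scrub_option(opt):
    """Mask the value of a single mount option if it carries a secret."""
    m = _SECRET_OPT.match(opt)
    if m:
        return m.group(0) + MASK
    m = _USER_OPT.match(opt)
    if m:
        return "%s=%s%%%s" % (m.group(1), m.group(2), MASK)
    return opt

def scrub_fstab_line(line):
    """Rewrite only the 4th field (mount options); keep spacing and comments."""
    if not line.strip() or line.lstrip().startswith("#"):
        return line
    newline = "\n" if line.endswith("\n") else ""
    parts = re.split(r"(\s+)", line.rstrip("\n"))
    seen = 0
    for i, tok in enumerate(parts):
        if tok and not tok.isspace():
            seen += 1
            if seen == 4:
                parts[i] = ",".join(scrub_option(o) for o in tok.split(","))
                break
    return "".join(parts) + newline

def scrub_fstab(text):
    """Return fstab text that is safe to place in a diagnostic archive."""
    return "".join(scrub_fstab_line(l) for l in text.splitlines(keepends=True))

if __name__ == "__main__":
    print(scrub_fstab(SAMPLE_FSTAB), end="")
```

Lines with fewer than four fields are passed through unchanged, and secrets kept in a separate credentials file never reach fstab in the first place.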

Mateusz Guzik discovered that SoS incorrectly handled temporary files. A
local attacker could possibly use this issue to overwrite arbitrary files
or gain access to temporary file contents containing sensitive system
information. (CVE-2015-7529)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  sosreport 3.2-2ubuntu1.1
Ubuntu 15.04:
  sosreport 3.2-2ubuntu0.1
Ubuntu 14.04 LTS:
  sosreport 3.1-1ubuntu2.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3925, CVE-2015-7529

UPDATE: VMSA-2015-0008.1 – VMware product updates address information disclosure issue

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0008.1
Synopsis:    VMware product updates address information disclosure
             issue

Issue date:  2015-11-18
Updated on:  2015-12-18
CVE number:  CVE-2015-3269 CVE-2015-5255
------------------------------------------------------------------------

1. Summary

  VMware product updates address information disclosure issue.


2. Relevant Releases

  VMware vCenter Server 5.5 prior to version 5.5 update 3
  VMware vCenter Server 5.1 prior to version 5.1 update u3b
  VMware vCenter Server 5.0 prior to version 5.0 update u3e

  vCloud Director 5.6 prior to version 5.6.4
  vCloud Director 5.5 prior to version 5.5.3

  VMware Horizon View 6.0 prior to version 6.1
  VMware Horizon View 5.0 prior to version 5.3.4



3. Problem Description

   a. vCenter Server, vCloud Director, Horizon View information
      disclosure issue.

     VMware products that use Flex BlazeDS may be affected by a flaw in
     the processing of XML External Entity (XXE) requests. A specially
     crafted XML request sent to the server could lead to unintended
     information being disclosed.

     VMware would like to thank Matthias Kaiser of Code White GmbH for
     reporting this issue to us.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-3269 to this issue.

     The product updates listed in the table below have also been
     determined to address an XML External Entity (XXE) Processing and
     Server Side Request Forgery vulnerability in Flex BlazeDS.

     VMware would like to thank James Kettle of PortSwigger Web Security
     for reporting these issues to us.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the identifier CVE-2015-5255 to these issues.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

        VMware            Product  Running  Replace with/
        Product           Version  on       Apply Patch
        ================  =======  =======  =================
        vCenter Server    6.0      any      not affected
        vCenter Server    5.5      any      5.5 update 3
        vCenter Server    5.1      any      5.1 update u3b
        vCenter Server    5.0      any      5.5 update u3e

        vCloud Director   5.6      any      5.6.4
        vCloud Director   5.5      any      5.5.3

        Horizon View      6.0      any      6.1
        Horizon View      5.3      any      5.3.4


4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file.


   vCenter Server
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/go/download-vsphere

   vCloud Director For Service Providers
   --------------------------------
   Downloads and Documentation:
   https://www.vmware.com/support/pubs/vcd_pubs.html

   Horizon View 6.1, 5.3.4:
   --------------------------------
   Downloads:
   https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productId=492
   https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&productId=396


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3269
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5255

------------------------------------------------------------------------

6. Change log

   2015-11-18 VMSA-2015-0008
   Initial security advisory

   2015-12-18 VMSA-2015-0008.1
   Updated advisory to note these updates also address CVE-2015-5255

------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.

Dell Authentication Driver Uncontrolled Write

The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains a vulnerability that can be leveraged to enable an attacker to write arbitrary code. The ‘OutputAddress’ from the IOCTL call is not validated before it attempts to write to memory. The content of the write is a four-byte hex value that is always greater than that of the kernel base address. Using multiple writes, it may be possible to overwrite the first entry of HalDispatchTable in a way that the entry would point to a user-land address. An attacker need only allocate shellcode at said address and call the ntdll!NtQueryIntervalProfile() function.

Red Hat Security Advisory 2015-2670-01

Red Hat Security Advisory 2015-2670-01 – Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.