USN-2917-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2917-1

9th March, 2016

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1950)

Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel
Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,
Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple
memory safety issues in Firefox. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2016-1952,
CVE-2016-1953)

Nicolas Golubovic discovered that CSP violation reports can be used to
overwrite local files. If a user were tricked into opening a specially
crafted website with addon signing disabled and unpacked addons installed,
an attacker could potentially exploit this to gain additional privileges.
(CVE-2016-1954)

Muneaki Nishimura discovered that CSP violation reports contained full
paths for cross-origin iframe navigations. An attacker could potentially
exploit this to steal confidential data. (CVE-2016-1955)

Ucha Gobejishvili discovered that performing certain WebGL operations
resulted in memory resource exhaustion with some Intel GPUs, requiring
a reboot. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2016-1956)

Jose Martinez and Romina Santillan discovered a memory leak in
libstagefright during MPEG4 video file processing in some circumstances.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
memory exhaustion. (CVE-2016-1957)

Abdulrahman Alqabandi discovered that the addressbar could be blank or
filled with page defined content in some circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)

Looben Yang discovered an out-of-bounds read in Service Worker Manager. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1959)

A use-after-free was discovered in the HTML5 string parser. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1960)

A use-after-free was discovered in the SetBody function of HTMLDocument.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1961)

Dominique Hazaël-Massieux discovered a use-after-free when using multiple
WebRTC data channels. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2016-1962)

It was discovered that Firefox crashes when local files are modified
whilst being read by the FileReader API. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1963)

Nicolas Grégoire discovered a use-after-free during XML transformations.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1964)

Tsubasa Iinuma discovered a mechanism to cause the addressbar to display
an incorrect URL, using history navigations and the Location protocol
property. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to conduct URL
spoofing attacks. (CVE-2016-1965)

A memory corruption issue was discovered in the NPAPI subsystem. If
a user were tricked into opening a specially crafted website with a
malicious plugin installed, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2016-1966)

Jordi Chancel discovered a same-origin-policy bypass when using
performance.getEntries and history navigation with session restore. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to steal confidential data. (CVE-2016-1967)

Luke Li discovered a buffer overflow during Brotli decompression in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2016-1968)

Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2016-1973)

Ronald Crane discovered an out-of-bounds read following a failed
allocation in the HTML parser in some circumstances. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2016-1974)

Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple
memory safety issues in the Graphite 2 library. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,
CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,
CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  firefox  45.0+build2-0ubuntu0.15.10.1
Ubuntu 14.04 LTS:
  firefox  45.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  firefox  45.0+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955,
CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960,
CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965,
CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1973, CVE-2016-1974,
CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793,
CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798,
CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802

USN-2924-1: NSS vulnerability

Ubuntu Security Notice USN-2924-1

9th March, 2016

nss vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

NSS could be made to crash or run programs if it received specially crafted
input.

Software description

  • nss
    – Network Security Service library

Details

Francis Gabriel discovered that NSS incorrectly handled decoding certain
ASN.1 data. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  libnss3  2:3.21-0ubuntu0.15.10.2
Ubuntu 14.04 LTS:
  libnss3  2:3.21-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:
  libnss3  2:3.21-0ubuntu0.12.04.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.
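The restart requirement raises the practical question of which processes actually need it. After the package upgrade replaces libnss3.so on disk, every process that loaded the old copy keeps the unlinked file mapped, and the kernel marks such mappings with a trailing `(deleted)` in /proc/<pid>/maps. The following is an added example, not Ubuntu's or NSS's own tooling: it parses that listing to find processes still running the replaced library. The SAMPLE_MAPS text is constructed for the demonstration, not captured from a real host; reading every process's maps file needs root.

```python
import os
import re

# One /proc/<pid>/maps line: address perms offset dev inode [pathname]
_MAPS_LINE = re.compile(r"^\S+ \S+ \S+ \S+ \S+\s*(.*)$")


def stale_mappings(maps_text, library):
    """Pathnames in one maps listing that belong to `library` and were unlinked
    after being mapped (the kernel appends ' (deleted)' to such entries)."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group(1)
        if path.endswith(" (deleted)") and library in os.path.basename(path):
            stale.add(path[: -len(" (deleted)")])
    return stale


def processes_needing_restart(maps_by_pid, library="libnss3"):
    """maps_by_pid: {pid: maps text}. Returns {pid: sorted stale paths} for the
    processes that still have a replaced copy of `library` mapped."""
    result = {}
    for pid, text in maps_by_pid.items():
        paths = stale_mappings(text, library)
        if paths:
            result[pid] = sorted(paths)
    return result


def read_proc_maps(proc="/proc"):
    """Collect the maps text of every readable process (as root: all of them)."""
    result = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as f:
                result[int(entry)] = f.read()
        except OSError:
            continue  # process exited meanwhile, or not ours to read
    return result


# Constructed sample (not from a real host): pid 4242 still maps the old libnss3
# that the upgrade unlinked, pid 4300 already runs with the new copy.
SAMPLE_MAPS = {
    4242: ("7f3c2a1b2000-7f3c2a2f3000 r-xp 00000000 08:01 1310728   /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)\n"
           "7f3c2a2f3000-7f3c2a4f3000 ---p 00141000 08:01 1310728   /usr/lib/x86_64-linux-gnu/libnss3.so (deleted)\n"
           "7f3c2b000000-7f3c2b021000 rw-p 00000000 00:00 0 \n"),
    4300: ("7f11aa000000-7f11aa141000 r-xp 00000000 08:01 1310902   /usr/lib/x86_64-linux-gnu/libnss3.so\n"
           "7ffd1e3c0000-7ffd1e3e1000 rw-p 00000000 00:00 0          [stack]\n"),
}

if __name__ == "__main__":
    for pid, paths in sorted(processes_needing_restart(read_proc_maps()).items()):
        print(pid, *paths)
```

Run as root on the updated host it lists each PID that must be restarted together with the stale path; an empty result means every NSS user has already picked up the new library. The same approach works for any shared library an advisory tells you to restart consumers of, by changing the `library` argument.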

References

CVE-2016-1950

USN-2925-1: Bind vulnerabilities

Ubuntu Security Notice USN-2925-1

9th March, 2016

bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

  • bind9
    – Internet Domain Name Server

Details

It was discovered that Bind incorrectly handled input received by the rndc
control channel. A remote attacker could possibly use this issue to cause
Bind to crash, resulting in a denial of service. (CVE-2016-1285)

It was discovered that Bind incorrectly parsed resource record signatures
for DNAME resource records. A remote attacker could possibly use this issue
to cause Bind to crash, resulting in a denial of service. (CVE-2016-1286)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  bind9  1:9.9.5.dfsg-11ubuntu1.3
Ubuntu 14.04 LTS:
  bind9  1:9.9.5.dfsg-3ubuntu0.8
Ubuntu 12.04 LTS:
  bind9  1:9.8.1.dfsg.P1-4ubuntu0.16

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.
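Each of the three notices above (USN-2917-1, USN-2924-1 and USN-2925-1) states a fixed package version per release, so the check a practitioner has to make is whether the installed version sorts at or above it under Debian's version ordering: epoch first, then upstream version, then revision, with `~` sorting before everything else. The following is an added example, not Ubuntu's own tooling: it ports dpkg's comparison algorithm to Python, embeds the fixed versions from the three notices, and reports each notice as patched, vulnerable or not installed. `installed_version` shells out to `dpkg-query`, which exists on every release listed; the sample versions in the test are constructed. On a real host `dpkg --compare-versions` stays the authoritative comparator; the port is here so the ordering can be read and exercised offline.

```python
import subprocess

# Fixed versions exactly as published: notice -> (package, {release: version}).
FIXED_VERSIONS = {
    "USN-2917-1": ("firefox", {"15.10": "45.0+build2-0ubuntu0.15.10.1",
                               "14.04": "45.0+build2-0ubuntu0.14.04.1",
                               "12.04": "45.0+build2-0ubuntu0.12.04.1"}),
    "USN-2924-1": ("libnss3", {"15.10": "2:3.21-0ubuntu0.15.10.2",
                               "14.04": "2:3.21-0ubuntu0.14.04.2",
                               "12.04": "2:3.21-0ubuntu0.12.04.3"}),
    "USN-2925-1": ("bind9", {"15.10": "1:9.9.5.dfsg-11ubuntu1.3",
                             "14.04": "1:9.9.5.dfsg-3ubuntu0.8",
                             "12.04": "1:9.8.1.dfsg.P1-4ubuntu0.16"}),
}

def _order(c):
    """dpkg weight: '~' before everything (even end of string), digits/end 0, letters, then symbols."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    """Port of dpkg's verrevcmp(): alternating non-digit runs and numeric runs."""
    def ch(s, k):
        return s[k] if k < len(s) else ""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit run: weighted character comparison
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            wa, wb = _order(ch(a, i)), _order(ch(b, j))
            if wa != wb:
                return wa - wb
            i, j = i + 1, j + 1
        # numeric run: drop leading zeros, longer run wins, else first differing digit
        while ch(a, i) == "0":
            i += 1
        while ch(b, j) == "0":
            j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if ch(a, i).isdigit():
            return 1
        if ch(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def parse_version(version):
    """Split '[epoch:]upstream[-revision]' into (int epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """-1, 0 or 1, ordering a against b as `dpkg --compare-versions` does."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0

def audit(release, installed):
    """installed: {package: version or None} -> {notice: patched|vulnerable|not installed}."""
    report = {}
    for notice, (package, fixed_by_release) in FIXED_VERSIONS.items():
        fixed = fixed_by_release.get(release)
        if fixed is None:
            continue  # this notice does not cover the release
        current = installed.get(package)
        if current is None:
            report[notice] = "not installed"
        else:
            report[notice] = "patched" if compare_versions(current, fixed) >= 0 else "vulnerable"
    return report

def installed_version(package):
    """Installed version via dpkg-query; None when dpkg is absent or the package is not installed."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None

if __name__ == "__main__":
    import sys
    release = sys.argv[1] if len(sys.argv) > 1 else "14.04"  # e.g. python3 usn_check.py 15.10
    live = {pkg: installed_version(pkg) for pkg, _ in FIXED_VERSIONS.values()}
    for notice, status in audit(release, live).items():
        print(notice, status)
```

The numeric-run rule is why `-3ubuntu0.10` correctly sorts above `-3ubuntu0.8` and why a `~rc1` pre-release sorts below its final release; a plain string comparison gets both wrong and would misreport patch state.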

References

CVE-2016-1285, CVE-2016-1286

CESA-2016:0428 Moderate CentOS 7 libssh2 SecurityUpdate

CentOS Errata and Security Advisory 2016:0428 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0428.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
3a25e00b04b27ba59fa17adb97791702dcccb56e130eb5f51651d6fe4fe42f89  libssh2-1.4.3-10.el7_2.1.i686.rpm
1e1f93e449e678597bfdd99bed306c9bb8d5b513ffcaea13d32f5b7434900300  libssh2-1.4.3-10.el7_2.1.x86_64.rpm
e76bdc2e93bbb6c4ac8705d50eef1f114ee8b8674e8436063359ac5518b10191  libssh2-devel-1.4.3-10.el7_2.1.i686.rpm
b176ee6feaf699eb9ed7466309ab9a9e8d6a7cccaf2e38a15093c484dbd22548  libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm
f76b77eed1cc006c0947abd138084a5808d97b311ebf0e13fbf3504248698f4e  libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm

Source:
2181b44f7d4636eb0920582a519d1adabae94f34cb49c531a5a2b31e2ad4cf57  libssh2-1.4.3-10.el7_2.1.src.rpm



CESA-2016:0428 Moderate CentOS 6 libssh2 SecurityUpdate

CentOS Errata and Security Advisory 2016:0428 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0428.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
3dd5f11872a5254b65711f88a89b4400c87329ed185af7d69d1d705f94abe13d  libssh2-1.4.2-2.el6_7.1.i686.rpm
c00dbe2421aada7e7eb2bc87e5160014aae7673e684011783dc34cfa9dd1fcae  libssh2-devel-1.4.2-2.el6_7.1.i686.rpm
4be2256b4afe177140a3e87fdc0061d76b3f142ef7264aeb0f9d7a8b5b8fe3b7  libssh2-docs-1.4.2-2.el6_7.1.i686.rpm

x86_64:
3dd5f11872a5254b65711f88a89b4400c87329ed185af7d69d1d705f94abe13d  libssh2-1.4.2-2.el6_7.1.i686.rpm
729dc417c94e9efbe67f10fe848ce3571945f054bd87fec428179b58dd09bef6  libssh2-1.4.2-2.el6_7.1.x86_64.rpm
c00dbe2421aada7e7eb2bc87e5160014aae7673e684011783dc34cfa9dd1fcae  libssh2-devel-1.4.2-2.el6_7.1.i686.rpm
2004db099a3302057dbf799c09012d8d9bc1360ddf043ecef2e485f0b3b7fc86  libssh2-devel-1.4.2-2.el6_7.1.x86_64.rpm
d2faf5949f869b6b295c3241707e3f40a74f7c1862da57daaaca77aabce535aa  libssh2-docs-1.4.2-2.el6_7.1.x86_64.rpm

Source:
042b1f294e214d514f5b16332956e168cc168c90a416bcfe4bbc1625636581fc  libssh2-1.4.2-2.el6_7.1.src.rpm
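The two CESA notices above publish a SHA-256 digest next to each file name, which is the only thing that lets a mirror user confirm that the RPMs they fetched are the ones CentOS signed off on. The following is an added example, not CentOS's tooling: it parses that `sha256sum`-style listing (the CentOS 7 x86_64 and source lines from the notice are embedded verbatim), hashes every listed file in a directory in streaming fashion, and reports each as ok, mismatch or missing. The files in `demo` are constructed stand-ins, not the real RPMs.

```python
import hashlib
import tempfile
from pathlib import Path

# Checksum lines as published in CESA-2016:0428 for CentOS 7 (x86_64 and source).
CESA_2016_0428_EL7 = """\
x86_64:
3a25e00b04b27ba59fa17adb97791702dcccb56e130eb5f51651d6fe4fe42f89  libssh2-1.4.3-10.el7_2.1.i686.rpm
1e1f93e449e678597bfdd99bed306c9bb8d5b513ffcaea13d32f5b7434900300  libssh2-1.4.3-10.el7_2.1.x86_64.rpm
e76bdc2e93bbb6c4ac8705d50eef1f114ee8b8674e8436063359ac5518b10191  libssh2-devel-1.4.3-10.el7_2.1.i686.rpm
b176ee6feaf699eb9ed7466309ab9a9e8d6a7cccaf2e38a15093c484dbd22548  libssh2-devel-1.4.3-10.el7_2.1.x86_64.rpm
f76b77eed1cc006c0947abd138084a5808d97b311ebf0e13fbf3504248698f4e  libssh2-docs-1.4.3-10.el7_2.1.noarch.rpm

Source:
2181b44f7d4636eb0920582a519d1adabae94f34cb49c531a5a2b31e2ad4cf57  libssh2-1.4.3-10.el7_2.1.src.rpm
"""

HEX = set("0123456789abcdef")


def parse_sha256sum(text):
    """Parse 'digest  filename' lines (the sha256sum format the notice uses),
    skipping blank lines and the 'x86_64:' / 'Source:' section headers."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.endswith(":"):
            continue
        digest, sep, name = line.partition("  ")
        digest = digest.lower()
        if not sep or len(digest) != 64 or set(digest) - HEX:
            raise ValueError(f"malformed checksum line: {line!r}")
        expected[name.strip()] = digest
    return expected


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large RPMs are never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_directory(directory, expected):
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every listed file."""
    directory = Path(directory)
    results = {}
    for name, digest in expected.items():
        path = directory / name
        if not path.is_file():
            results[name] = "missing"
        elif sha256_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def all_verified(results):
    """True only when every listed file is present and matches; nothing checked is a failure."""
    return bool(results) and all(status == "ok" for status in results.values())


def demo():
    """Constructed files (not the real RPMs): one intact, one altered, one missing."""
    payload = b"constructed package payload"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "good.rpm").write_bytes(payload)
        (Path(tmp) / "tampered.rpm").write_bytes(payload + b" modified")
        listing = "\n".join([
            f"{hashlib.sha256(payload).hexdigest()}  good.rpm",
            f"{hashlib.sha256(payload).hexdigest()}  tampered.rpm",
            f"{'0' * 64}  absent.rpm",
        ])
        return verify_directory(tmp, parse_sha256sum(listing))


if __name__ == "__main__":
    import sys
    directory = sys.argv[1] if len(sys.argv) > 1 else "."
    results = verify_directory(directory, parse_sha256sum(CESA_2016_0428_EL7))
    for name, status in sorted(results.items()):
        print(f"{status:9} {name}")
    sys.exit(0 if all_verified(results) else 1)
```

On a CentOS host the same check is `sha256sum -c` against a file holding the notice's lines; the Python form is here because it makes the parsing explicit and treats an absent file as a failure rather than silently passing over it, which matters when a mirror has only partially synced.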



SQL Injection in extension "Another simple gallery" (chgallery)

Release Date: March 10, 2016

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: version 2.5.3 and below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:C/I:C/A:N/E:F/RL:O/RC:C

Problem Description: Failing to properly sanitize user-supplied input, the extension is vulnerable to SQL Injection. A valid backend login with permission to access the plugin settings is required to exploit this vulnerability.

Solution: An updated version 2.5.4 is available from the TYPO3 Extension Manager and at http://typo3.org/extensions/repository/download/chgallery/2.5.4/t3x/. Users of the extension are advised to update the extension as soon as possible.

Credits: Credits go to Wouter van Dongen who discovered and reported the issue.


General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)

Release Date: March 10, 2016

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: 5.1.4 and below

Vulnerability Type: Unsafe Comparison of XSRF/CSRF token, Full Path Disclosure, Cross-Site Scripting, Insecure Password Generation

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:C/A:P/E:ND/RL:O/RC:C

References: PMASA-2016-2, PMASA-2016-5 (XSRF/CSRF), PMASA-2015-6, PMASA-2016-1, PMASA-2016-6 (FPD), PMASA-2016-3, PMASA-2016-7 (XSS) and PMASA-2016-4 (IPG)

Related CVE: CVE-2016-2039, CVE-2016-2041 (XSRF/CSRF), CVE-2015-8669, CVE-2016-2038, CVE-2016-2042 (FPD), CVE-2016-2040, CVE-2016-2043 (XSS) and CVE-2016-1927 (IPG)

Problem Description: Due to missing and incorrect user input validation, phpMyAdmin is susceptible to multiple vulnerabilities.

Solution: An updated version 5.1.5 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/phpmyadmin/5.1.5/t3x/. Users of the extension are advised to update the extension as soon as possible.

Note: In general, the TYPO3 Security Team recommends not using any extension that bundles database or file management tools on production TYPO3 websites.

Credits: Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.


General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

A single infected smartphone could cost your business thousands of euros


A few months ago, Apple devices were the victim of a large-scale cyber-attack, the largest in the company’s history. The company had to withdraw more than 50 iPhone, iPad and Mac apps from the App Store as they installed malicious software that allowed criminals to control users’ devices remotely and steal personal information.

So you see, not even the company with the half-eaten apple logo, which boasts about the security measures applied to its technologies, is free from falling into cyber-criminals' traps. Smartphone attacks pose a great risk to device security and data privacy, and this is even worse in work environments.

According to a recent report from renowned research institute Ponemon, the number of employees using personal devices to access corporate data has increased 43 percent over the last few years, and 56 percent of corporate data is available for access from a smartphone.

The consequences of this situation can be translated into economic figures. A single infected smartphone can cost a company over €8,0000 on average, and the estimated global figure for all cyber-attacks over an entire year can reach €15 million.


Researchers interviewed 588 IT professionals from companies in the Forbes Global 2000 list (a list of the world's biggest public companies) to learn their views on mobile security. 67 percent of respondents believed it was very likely that their company had already suffered data leakage, as employees could access sensitive and confidential corporate data from their smartphones.

However, there are still more reasons for concern.

When asked what data employees could access, most of the interviewees showed little knowledge. Workers could access far more information than IT security heads thought, including workers' personal data, confidential documents and customer information.

Luckily, there is also good news. According to the report, 16 percent of a company’s budget is invested in mobile security, a percentage that is expected to reach 37 percent.

Additionally, more than half of the companies that took part in the study had some type of system in place to manage the data accessible to employees through their smartphones, as well as security measures such as lists of malicious apps, authentication systems and platforms to manage user access and accounts.

Researchers don't believe that going back to the past or banning the use of personal devices for work purposes are effective measures, as working in the cloud and virtual environments is increasingly common. That's why they suggest that the solution should be to set clear limits on the information that can be accessed from personal devices, and to educate employees about the risk of such practices and the available tools to neutralize them, such as those provided by Panda Security.

The post A single infected smartphone could cost your business thousands of euros appeared first on MediaCenter Panda Security.