The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Monthly Archives: October 2016
CVE-2016-7065 (jboss_enterprise_application_platform)
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
CVE-2016-7437 (netweaver)
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
CVE-2016-7795 (systemd, ubuntu_linux)
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
CVE-2016-7796 (enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_workstation, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_server_for_sap, suse_linux_enterprise_software_development_kit, systemd)
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
ASLDRService ATK Hotkey 1.0.69.0 Privilege Escalation
ASLDRService ATK Hotkey version 1.0.69.0 suffers from an unquoted service path privilege escalation vulnerability.
Colorful Blog Cross Site Request Forgery
Colorful Blog suffers from a cross site request forgery vulnerability.
php-7.0.12-2.fc25
13 Oct 2016 – **PHP version 7.0.12**
**Core:**
* Fixed bug php#73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
* Fixed bug php#72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
* Fixed bug php#73058 (crypt broken when salt is ‘too’ long). (Anatol)
* Fixed bug php#69579 (Invalid free in extension trait). (John Boehr)
* Fixed bug php#73156 (segfault on undefined function). (Dmitry)
* Fixed bug php#73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
* Fixed bug php#73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
* Fixed bug php#73240 (Write out of bounds at number_format). (Stas)
* Fixed bug php#73147 (Use After Free in PHP7 unserialize()). (Stas)
* Fixed bug php#73189 (Memcpy negative size parameter php_resolve_path). (Stas)
**BCmath:**
* Fixed bug php#73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
**Date:**
* Fixed bug php#73091 (Unserializing DateInterval object may lead to __toString invocation). (Stas)
**DOM:**
* Fixed bug php#73150 (missing NULL check in dom_document_save_html). (Stas)
**Filter:**
* Fixed bug php#72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
* Fixed bug php#73054 (default option ignored when object passed to int filter). (cmb)
**GD:**
* Fixed bug php#67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
* Fixed bug php#50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
* Fixed bug php#73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
* Fixed bug php#53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
* Fixed bug php#73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
* Fixed bug php#73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
* Fixed bug php#73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
* Fixed bug php#73161 (imagecreatefromgd2() may leak memory). (cmb)
**Intl:**
* Fixed bug php#73218 (add mitigation for ICU int overflow). (Stas)
**Mbstring:**
* Fixed bug php#66797 (mb_substr only takes 32-bit signed integer). (cmb)
* Fixed bug php#66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
* Fixed bug php#72992 (mbstring.internal_encoding doesn’t inherit default_charset). (Yasuo)
**Mysqlnd:**
* Fixed bug php#72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)
**Opcache:**
* Fixed bug php#72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)
**OpenSSL:**
* Fixed bug php#73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
* Fixed bug php#73276 (crash in openssl_random_pseudo_bytes function). (Stas)
* Fixed bug php#73275 (crash in openssl_encrypt function). (Stas)
**PCRE:**
* Fixed bug php#73121 (Bundled PCRE doesn’t compile because JIT isn’t supported on s390). (Anatol)
* Fixed bug php#73174 (heap overflow in php_pcre_replace_impl). (Stas)
**PDO_DBlib:**
* Fixed bug php#72414 (Never quote values as raw binary data). (Adam Baratz)
* Allow PDO::setAttribute() to set query timeouts. (Adam Baratz)
* Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
* Add common PDO test suite. (Adam Baratz)
* Free error and message strings when cleaning up PDO instances. (Adam Baratz)
* Fixed bug php#67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven’t been fetched). (Peter LeBrun)
* Ignore potentially misleading dberr values. (Chris Kings-Lynne)
**phpdbg:**
* Fixed bug php#72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
* Fixed next command not stopping when leaving function. (Bob)
**Session:**
* Fixed bug php#68015 (Session does not report invalid uid for files save handler). (Yasuo)
* Fixed bug php#73100 (session_destroy null dereference in ps_files_path_create). (cmb)
**SimpleXML:**
* Fixed bug php#73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
**SOAP:**
* Fixed bug php#71711 (Soap Server Member variables reference bug). (Nikita)
* Fixed bug php#71996 (Using references in arrays doesn’t work like expected). (Nikita)
**SPL:**
* Fixed bug php#73257, php#73258 (SplObjectStorage unserialize allows use of non-object as key). (Stas)
No password? You’re asking to be hacked.
75 million smartphones in the US don’t have a password set
TransUnion’s latest Cyber Security Survey confirmed that Americans who feel extremely or very concerned about cyber threats have increased 20 percent since last year – from 46 percent in 2015 to 55 percent in 2016. Fears are legitimate – hacking and cyber security have even become one of the main topics in the presidential debates between Donald Trump and Hillary Clinton.
If you think this is surprising, keep reading. The most shocking part of the survey is not that its findings confirm the notion that we are constantly under cyber danger/attack – we already know that. The most shocking part is that despite the increasing fear, nearly 50% of the participants admit that they don’t take action to protect their content.
Nearly half of the people who participated in the survey admitted they don’t lock their phones with a password.
Let us translate this for you – currently there are nearly 320 million people legally living in the USA, about 225 million of them adults. More than two thirds of the adults living in the US have smartphones. If the statistics are right, quick math shows there are more than 75 million people in the US whose smartphones don’t have a passcode set. This is scary! This means two out of three Kardashians don’t have passcodes on their phones! What could go wrong? We will let Kim and Kanye tell you.
What should you do?
Set up a password on your cell phone.
We all know what the consequences of identity theft are – unless you want a stranger buying a car in your name, or leasing a property in a city you’ve never heard of using your SSN, you should go find your phone and set up your password right now. Then add a recurring reminder on your calendar to change it frequently!
Admit the problem.
The threat is real, and hundreds of thousands of people’s lives are being ruined by hackers stealing their precious information. Having a lock on your phone might be a good beginning, but it does not solve your problem entirely.
Find a solution that works best for you.
The option we recommend is Panda Security Antivirus. Downloading your copy of Panda Security antivirus will protect you from getting your email hacked, and it will keep your credit cards, personal information and cell phone safe.
According to TransUnion, about 1 million people will call the TransUnion Fraud Victim Assistance Department in 2016. Let’s hold hands together, be more protective of our personal information and decrease the number of calls they get by practicing common sense. It’s natural to want to protect ourselves, but it is hard to want to protect what we have if we don’t realize that the threat is real. The most astonishing results come from taking practical, protective actions before things go wrong. Let’s act now and protect our personal information early rather than late, so we never get to the point of needing to call the fraud department.
The post No password? You’re asking to be hacked. appeared first on Panda Security Mediacenter.
ATKGFNEXSrv ATKGFNEX 1.0.11.1 Privilege Escalation
ATKGFNEXSrv ATKGFNEX version 1.0.11.1 suffers from an unquoted service path privilege escalation vulnerability.
