Huawei Flybox B660 3G/4G Router – Auth Bypass Vulnerability

Posted by Vulnerability Lab on Nov 18

Document Title:
===============
Huawei Flybox B660 3G/4G Router – Auth Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2010

Huawei ID: 558969357627813

Release Date:
=============
2016-11-18

Vulnerability Laboratory ID (VL-ID):
====================================
2010

Common Vulnerability Scoring System:
====================================
7.4

Product & Service…

RHSA-2016:2807-2: Important: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7

Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6
and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092

RHSA-2016:2802-1: Important: openssl security update

Red Hat Enterprise Linux: An update for openssl is now available for Red Hat Enterprise Linux 6.2 Advanced
Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat
Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco
Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support,
Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat
Enterprise Linux 6.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

CVE-2016-6304

USN-3130-1: OpenJDK 7 vulnerabilities

Ubuntu Security Notice USN-3130-1

17th November, 2016

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in OpenJDK 7.

Software description

  • openjdk-7
    – Open Source Java implementation

Details

It was discovered that OpenJDK did not restrict the set of algorithms used
for Jar integrity verification. An attacker could use this to modify
without detection the content of a JAR file, affecting system integrity.
(CVE-2016-5542)

It was discovered that the JMX component of OpenJDK did not sufficiently
perform classloader consistency checks. An attacker could use this to
bypass Java sandbox restrictions. (CVE-2016-5554)

It was discovered that the Hotspot component of OpenJDK did not properly
check received Java Debug Wire Protocol (JDWP) packets. An attacker could
use this to send debugging commands to a Java application with debugging
enabled. (CVE-2016-5573)

It was discovered that the Hotspot component of OpenJDK did not properly
check arguments of the System.arraycopy() function in certain cases. An
attacker could use this to bypass Java sandbox restrictions.
(CVE-2016-5582)

It was discovered that OpenJDK did not properly handle HTTP proxy
authentication. An attacker could use this to expose HTTPS server
authentication credentials. (CVE-2016-5597)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:

  • openjdk-7-jre-lib 7u121-2.6.8-1ubuntu0.14.04.1
  • openjdk-7-jre-zero 7u121-2.6.8-1ubuntu0.14.04.1
  • icedtea-7-jre-jamvm 7u121-2.6.8-1ubuntu0.14.04.1
  • openjdk-7-jre-headless 7u121-2.6.8-1ubuntu0.14.04.1
  • openjdk-7-jre 7u121-2.6.8-1ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References

CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

SQL injection and unserialization vulnerability in Relevanssi Premium could allow admins to execute arbitrary code (in some circumstances) (WordPress plugin)

Posted by dxw Security on Nov 18

Details
================
Software: Relevanssi Premium
Version: v1.14.4
Homepage: https://www.relevanssi.com/
Advisory report:
https://security.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)

Description
================
SQL injection and unserialization vulnerability in…

Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody

Posted by Stefan Kanthak on Nov 18

Hi @ll,

in response to <http://seclists.org/fulldisclosure/2016/Jan/24>
EmsiSoft fixed some of the DLL hijacking vulnerabilities in some
of their executable installers and unpackers.

EmsisoftEmergencyKit.exe still has beginner’s errors which allow
escalation of privilege for EVERY local user:

0. while the self-extracting WinRAR archive EmsisoftEmergencyKit.exe
doesn’t load DLLs from its “application directory” any…