Category Archives: Security
Security
FBI Boss Concerned By Smartphone Encryption Plans
Facebook's Fight Against Search Warrants Gets Court Go-Ahead
Hakabana 0.2.1
Hakabana is an open source monitoring tool that helps you visualize network traffic using Haka and Kibana.
[ MDVSA-2014:190 ] bash
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:190 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : bash Date : September 26, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue (CVE-2014-7169). Additionally bash has been updated from patch level 37 to 48
Several vulnerabilities in extension phpMyAdmin (phpmyadmin)
Release Date: September 26, 2014
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 4.18.2 and below
Vulnerability Type: XSS, CSRF
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:ND/RL:O/RC:C (What’s that?)
References: PMASA-2014-8, PMASA-2014-10
Problem Description: With several usage actions it is possible to trigger XSS in various components. By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.
Solution: An updated version 4.18.3 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/phpmyadmin/4.18.3/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: The vendor of the phpMyAdmin upstream software credits Ashutosh Dhundhara (PMASA-2014-8) and Olivier Beg (PMASA-2014-8). Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
DSA-3036 mediawiki – security update
It was discovered that MediaWiki, a wiki engine, did not sufficiently
filter CSS in uploaded SVG files, allowing for cross site scripting.
DSA-3037 icedove – security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the
Mozilla Network Security Service library, embedded in Wheezy’s Icedove),
was parsing ASN.1 data used in signatures, making it vulnerable to a
signature forgery attack.
Why The Heyday Of Credit Card Fraud Is Almost Over
Nucom ADSL ADSLR5000UN ISP Credential Disclosure
Nucom ADSL ADSLR5000UNv2 suffers from a remote credential disclosure vulnerability.