[ MDVSA-2014:183 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date    : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a
crafted URL, it is possible to perform remote code execution and, in some
cases, create a root account due to a DOM based XSS vulnerability in the
micro history feature (CVE-2014-6300).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300
http://advisories.mageia.org/MGASA-2014-0383.html
_______
Category Archives: Security
[ MDVSA-2014:182 ] zarafa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date    : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated zarafa packages fix security vulnerabilities:

Robert Scheck reported that Zarafa's WebAccess stored session information,
including login credentials, on-disk in PHP session files. This session
file would contain a user's username and password to the Zarafa IMAP
server (CVE-2014-0103).

Robert Scheck discovered that the Zarafa Collaboration Platform has
multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,
CVE-2014-5449, CVE-2014-5450).
_______________________________________________
[ MDVSA-2014:181 ] dump
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dump
Date    : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated dump packages fix a security vulnerability:

An integer overflow in liblzo before 2.07 allows attackers to cause a
denial of service or possibly execute code in applications performing
LZO decompression on a compressed payload supplied by the attacker
(CVE-2014-4607). The dump package is built with a bundled copy of
minilzo, which is the part of liblzo containing the vulnerable code.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nam
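The advisory above describes an integer overflow in a decompressor, the class of bug where a length counter accumulated from attacker-controlled input wraps around and the code then trusts a length far smaller than what the stream actually encodes. The following is an added example written for this page, not liblzo or minilzo code: it decodes an LZO-style "extended" run length (each 0x00 byte adds 255, the first non-zero byte terminates the run) once without and once with overflow checks. The 16-bit counter is an assumption made so that the wrap can be shown with a 259-byte constructed input rather than tens of megabytes; the failure mode is identical for wider counters.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Illustrative run-length decoder in the style LZO uses for extended
 * lengths: every 0x00 byte adds 255 to the running length and the first
 * non-zero byte terminates the run and is added as well.
 * Added example, not liblzo/minilzo code. The uint16_t counter is an
 * assumption chosen to keep the demonstration input small.
 */

/* Unchecked: the counter silently wraps, so a run that really encodes
 * 65791 bytes is reported as 255 and the caller sizes its output
 * buffer (or its copy loop) from the wrong number. */
static uint16_t decode_run_unchecked(const uint8_t *in, size_t in_len,
                                     size_t *used)
{
    uint16_t len = 0;
    size_t i = 0;
    while (i < in_len && in[i] == 0) {
        len += 255;              /* wraps after the 257th zero byte */
        i++;
    }
    if (i < in_len)
        len += in[i++];
    *used = i;
    return len;
}

/* Checked: reject a run that would wrap the counter, or one whose
 * terminator byte lies beyond the buffer. Returns false on rejection. */
static bool decode_run_checked(const uint8_t *in, size_t in_len,
                               size_t *used, uint16_t *out)
{
    uint16_t len = 0;
    size_t i = 0;
    while (i < in_len && in[i] == 0) {
        if (len > UINT16_MAX - 255)
            return false;        /* the next += 255 would overflow */
        len += 255;
        i++;
    }
    if (i >= in_len)
        return false;            /* run not terminated inside the input */
    if (len > UINT16_MAX - in[i])
        return false;
    len += in[i++];
    *used = i;
    *out = len;
    return true;
}

/* Constructed crafted input: 258 zero bytes then a terminator of 1.
 * The true encoded length is 258*255 + 1 = 65791, which does not fit. */
static const uint8_t crafted_run[259] = { [258] = 0x01 };

/* Constructed benign input: 255 + 255 + 7 = 517. */
static const uint8_t benign_run[3] = { 0x00, 0x00, 0x07 };

int main(void)
{
    size_t used;
    uint16_t len;
    printf("benign  unchecked: %u\n",
           decode_run_unchecked(benign_run, sizeof benign_run, &used));
    printf("crafted unchecked: %u (wrapped)\n",
           decode_run_unchecked(crafted_run, sizeof crafted_run, &used));
    printf("crafted checked  : %s\n",
           decode_run_checked(crafted_run, sizeof crafted_run, &used, &len)
               ? "accepted" : "rejected");
    return 0;
}
```

The check `len > UINT16_MAX - 255` is written so that the comparison itself cannot overflow; testing `len + 255 > UINT16_MAX` after the addition would be too late on the wrapped value. The same pattern applies to the 32-bit or size_t counters real decompressors use.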
More Trouble For jQuery As Second Compromise Reported
The website for JavaScript library jQuery is under attack for the second time in a week.
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
This Metasploit module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user-controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE9.
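The pattern named above, sprintf into a fixed-size buffer with caller-controlled data, is worth seeing next to its hardened form. The following is an added example for this page and is not the dvs.ocx code; the format string, the 32-byte buffer and the function names are assumptions. The hardened version uses snprintf and, rather than silently truncating, rejects any input whose formatted result would not fit, which is the behaviour a practitioner usually wants for data that is later parsed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define COLOR_BUF 32   /* assumed fixed-size buffer, as in the classic pattern */

/*
 * Illustrative pair (added example, not the dvs.ocx code): a formatting
 * routine that takes a caller-controlled name. The first version uses
 * sprintf into a fixed stack buffer and overflows it whenever the
 * formatted string exceeds COLOR_BUF-1 bytes; the second bounds the
 * write and rejects anything that does not fit.
 */

/* Vulnerable: sprintf has no length bound. A long 'name' runs off the
 * end of buf and over whatever follows it on the stack. Shown for
 * comparison only; never call it with untrusted input. */
static void format_color_vulnerable(char *out, const char *name, unsigned rgb)
{
    char buf[COLOR_BUF];
    sprintf(buf, "color:%s=#%06X", name, rgb);
    strcpy(out, buf);
}

/* Hardened: snprintf never writes more than out_len bytes, and its
 * return value (the length that would have been written) reveals
 * truncation. Returns the formatted length on success or -1 when the
 * result would not fit. */
static int format_color_safe(char *out, size_t out_len,
                             const char *name, unsigned rgb)
{
    int n = snprintf(out, out_len, "color:%s=#%06X", name, rgb);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len > 0)
            out[0] = '\0';        /* do not hand back partial output */
        return -1;
    }
    return n;
}

/* Convenience wrapper: format into a COLOR_BUF-sized buffer and report
 * the resulting length, or -1 when the input was rejected. */
static int try_format(const char *name)
{
    char out[COLOR_BUF];
    return format_color_safe(out, sizeof out, name, 0xFF0000);
}

int main(void)
{
    char out[COLOR_BUF];
    /* Short, trusted input behaves identically in both versions. */
    format_color_vulnerable(out, "red", 0xFF0000);
    printf("vulnerable: %s\n", out);
    printf("safe: %d\n", try_format("red"));
    /* Constructed oversized input: the safe version refuses it. */
    printf("safe (40-byte name): %d\n",
           try_format("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

With a 32-byte buffer and the fixed "color:" and "=#RRGGBB" parts (14 bytes plus the terminator), a 17-character name is the longest that fits; an 18-character name already fails the `n >= out_len` check. When auditing an ActiveX control or any native component, that arithmetic (fixed overhead plus the longest attacker-controlled field versus the declared buffer size) is the check to perform at every sprintf, strcpy and strcat reachable from script.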
Health Insurance Marketplaces Could Improve Information Security
The marketplaces set up to provide health insurance to Americans under Obamacare are generally doing a good job of protecting personally identifiable information, but could still improve their security practices.
Suricata 2.0.3 Out Of Bounds Access
The SSH application-layer parser in Suricata version 2.0.3 contains a flaw that can lead to an out-of-bounds access. As a result, crafted packets sent across the monitored interface may cause a denial of service against the Suricata sensor itself.
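Out-of-bounds reads in protocol parsers almost always come from indexing into a packet buffer before confirming the buffer is long enough, and a parser that sits on a monitoring interface sees every truncated, fragmented or deliberately malformed stream on the wire. As an added example, not Suricata's parser, the block below parses the SSH identification line ("SSH-protoversion-softwareversion [comments] CR LF", RFC 4253 section 4.2), which is the first thing an SSH application-layer parser handles. Every index is compared against the supplied length before the byte is read, so a packet cut off anywhere in the line is reported as incomplete rather than read past its end. The constants, status codes and struct layout are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Bounds-checked parser for the SSH identification line (RFC 4253 4.2).
 * Added example, not Suricata's code. Input is a raw byte buffer with an
 * explicit length, never a NUL-terminated string, because that is what a
 * packet parser actually receives.
 */

enum ssh_banner_status {
    SSH_BANNER_OK = 0,
    SSH_BANNER_INCOMPLETE = 1,  /* need more bytes from the stream */
    SSH_BANNER_INVALID = 2      /* not an SSH banner; stop parsing */
};

struct ssh_banner {
    const uint8_t *proto;     size_t proto_len;
    const uint8_t *software;  size_t software_len;
    size_t consumed;          /* bytes of buf belonging to the line */
};

#define SSH_BANNER_MAX 255    /* RFC 4253: line incl. CRLF is at most 255 bytes */

static enum ssh_banner_status
parse_ssh_banner(const uint8_t *buf, size_t len, struct ssh_banner *out)
{
    size_t i, eol, line_end, dash, sp;

    if (len < 4)
        return SSH_BANNER_INCOMPLETE;            /* cannot see "SSH-" yet */
    if (memcmp(buf, "SSH-", 4) != 0)
        return SSH_BANNER_INVALID;

    /* Locate the LF without reading beyond len or beyond the line limit. */
    eol = len;
    for (i = 4; i < len && i < SSH_BANNER_MAX; i++) {
        if (buf[i] == '\n') { eol = i; break; }
    }
    if (eol == len)
        return len >= SSH_BANNER_MAX ? SSH_BANNER_INVALID : SSH_BANNER_INCOMPLETE;

    /* Accept a bare LF as RFC 4253 recommends; strip the CR if present. */
    line_end = eol;
    if (line_end > 4 && buf[line_end - 1] == '\r')
        line_end--;

    /* protoversion: after "SSH-" up to the next '-' */
    for (dash = 4; dash < line_end && buf[dash] != '-'; dash++)
        ;
    if (dash == line_end || dash == 4)
        return SSH_BANNER_INVALID;               /* no '-' or empty version */

    /* softwareversion: up to SP (start of comments) or end of line */
    for (sp = dash + 1; sp < line_end && buf[sp] != ' '; sp++)
        ;
    if (sp == dash + 1)
        return SSH_BANNER_INVALID;               /* empty software string */

    out->proto = buf + 4;           out->proto_len = dash - 4;
    out->software = buf + dash + 1; out->software_len = sp - dash - 1;
    out->consumed = eol + 1;
    return SSH_BANNER_OK;
}

/* Helper for NUL-terminated sample strings; real input has no terminator. */
static enum ssh_banner_status
parse_cstr(const char *s, struct ssh_banner *out)
{
    return parse_ssh_banner((const uint8_t *)s, strlen(s), out);
}

int main(void)
{
    struct ssh_banner b;
    /* Constructed inputs: a full banner and the same banner cut mid-line. */
    const char *full = "SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu2\r\n";
    if (parse_cstr(full, &b) == SSH_BANNER_OK)
        printf("proto=%.*s software=%.*s consumed=%zu\n",
               (int)b.proto_len, b.proto,
               (int)b.software_len, b.software, b.consumed);
    printf("truncated -> %d\n", parse_cstr("SSH-2.0-Open", &b));
    return 0;
}
```

The three-way result matters for a sensor: INCOMPLETE tells the stream reassembly layer to buffer and retry when more segments arrive, INVALID lets the engine stop treating the flow as SSH, and only OK advances the parser. Collapsing INCOMPLETE into either of the others is what tempts a parser into reading fields it has not yet received.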
X2Engine CRM 4.2.1 Cross Site Scripting
X2Engine CRM version 4.2.1 suffers from a cross site scripting vulnerability.
HttpFileServer 2.3c Cross Site Scripting
HttpFileServer version 2.3c suffers from multiple cross site scripting vulnerabilities.