Category Archives: Security


MS14-005 – Important: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2916036 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services included in Microsoft Windows. The vulnerability could allow information disclosure if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to view specially crafted content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to an attacker’s website, or by getting them to open an attachment sent through email.

MS13-095 – Important: Vulnerability in Digital Signatures Could Allow Denial of Service – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (February 28, 2014): Bulletin revised to announce a detection change in the 2868626 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows RT 8.1, and Windows Server 2012 R2. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service when an affected web service processes a specially crafted X.509 certificate.

CVE-2014-1878

Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. (CVSS:5.0) (Last Update:2014-02-28)

CVE-2014-1912

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. (CVSS:7.5) (Last Update:2014-05-10)

[BSA-093] Security Update for gnutls28


Andreas Metzler uploaded new packages for gnutls28 which fixed the
following security problems:

CVE-2014-1959 / DSA 2866-1 / GNUTLS-SA-2014-1
  Suman Jana reported that GnuTLS, deviating from the documented
  behavior, considers a version 1 intermediate certificate as a CA
  certificate by default.

For the testing distribution (jessie) and the unstable distribution
(sid), this problem has been fixed in gnutls26/2.12.23-12 and
gnutls28/3.2.11-1.

For the stable distribution this problem has been fixed in
gnutls26/2.12.20-8.

[BSA-092] Security Update for pidgin


intrigeri uploaded new packages for pidgin which fixed the
following security problems:

CVE-2013-6477
  Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by
  sending a message with a timestamp in the distant future.

CVE-2013-6478
  Pidgin could be crashed through overly wide tooltip windows.

CVE-2013-6479
  Jacob Appelbaum discovered that a malicious server or a "man in the middle"
  could send a malformed HTTP header resulting in denial of service.

CVE-2013-6481
  Daniel Atallah discovered that Pidgin could be crashed through malformed
  Yahoo! P2P messages.

CVE-2013-6482
  Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be
  crashed through malformed MSN messages.

CVE-2013-6483
  Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be
  crashed through malformed XMPP messages.

CVE-2013-6484
  It was discovered that incorrect error handling when reading the response from
  a STUN server

CVE-2014-0322 (internet_explorer)

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.

Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)

Release Date: February 12, 2014

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: yag: Version 3.0.0 and below, pt_extbase: Version 1.5.0 and below

Vulnerability Type: Access Bypass

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C

CVE: CVE-2014-6289

Bulletin update: September 18, 2014 (added CVE)

Problem Description: The extension pt_extbase comes with an Ajax dispatcher for Extbase. Using this dispatcher it is possible to call every action in every controller of every Extbase extension installed on the system. The dispatcher fails to perform access checks, so it is possible to bypass the access checks of Extbase Backend Modules such as the backend user administration module. The extension yag also delivered an Ajax dispatcher, which was unused but vulnerable.

Important Note: The unused Ajax dispatcher code in extension yag has been removed. If any other installed extensions made use of this dispatcher, they will stop working. Additionally, the Ajax dispatcher in pt_extbase was modified to perform access checks. Third party extensions using this dispatcher need to be added to the list of allowed actions.

Solution: Updated versions 3.0.1 and 1.5.1 are available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/yag/3.0.1/t3x/ and http://typo3.org/extensions/repository/download/pt_extbase/1.5.1/t3x/. Users of the extension are advised to update the extension as soon as possible.

Credits: Credits go to Andrea Schmuttermair who discovered and reported this issue.

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)

Release Date: February 12, 2014

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: Version 2.0.0 and below

Vulnerability Type: Mass Assignment

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C

Problem Description: The extension Direct Mail Subscription bundles a vulnerable version of the old feuser_adminLib.inc library. This means that any record-creation links generated by this library can be manipulated to fill any field in the configured database table with arbitrary values. An attack is not limited to the fields listed in the configuration or in the link itself.

Related CVE: CVE-2013-7075

Solution: An updated version 2.0.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/direct_mail_subscription/2.0.1/t3x/. Users of the extension are advised to update the extension as soon as possible.

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.