[SECURITY] [DSA 2693-1] libx11 security update
Debian Security Advisory DSA-2693-1                   secur...@debian.org
http://www.debian.org/security/                          Raphael Geissert
May 24, 2013                           http://www.debian.org/security/faq

Package        : libx11
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1981 CVE-2013-1997 CVE-2013-2004

Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related libraries: Various integer overflows, sign handling errors in integer conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.

For the oldstable distribution (squeeze), these problems have been fixed in version 2:1.3.3-4+squeeze1.

For the stable distribution (wheezy), these problems have been fixed in version 2:1.5.0-1+deb7u1.

For the unstable distribution (sid), these problems have been fixed in version 2:1.5.0-1+deb7u1.

We recommend that you upgrade your libx11 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
DC4420 - London DEFCON - May meet - Tuesday 28th May 2013
The theme of the month is crypto, with 2 great talks for you ...

Primary Speaker: Bjoern Paul Richard Schwabe, Freelancer
Title: Encryption in the cloud
Synopsis: SaaS cloud models for data storage such as Dropbox and Box have been around for a long time. Zero-Knowledge SaaS did not get much attention in the media and public, even though many ToC of traditional SaaS hold sentences like these: ...In these cases, will remove ’s encryption from the files before providing them to law enforcement.. What can we do about it? What is the hype about MEGA's security practice? I have devoted my Bsc. IT Security and Computer Forensics final year project towards this issue and analysed different contestants, including MEGA's JS files and API to come up with a practical solution. I would like to present my result with a one-hour talk covering the areas of: an introduction to cryptography to understand the concept's cipher and the usage of them as well as the concept that will not give service providers the chance to decrypt user's data.

~~~

Secondary Speaker: Craig Heath, Franklin Heath Ltd
Title: Security Lessons from Bletchley Park and Enigma
Synopsis: A brief review of how the Enigma machine works, how it was broken, and how security people keep making similar mistakes today.

***

Venue: The Phoenix, Cavendish Square http://www.phoenixcavendishsquare.co.uk/
Date: Tuesday 28th May, 2013
Time: 17:30 till kicking out - talk starts at 19:30

Entry is free, see you there!

http://dc4420.org

Cheers,
Tony
GreHack 2013 - 2nd Call For Papers - November 15, Grenoble, France
---
*GreHack 2013* — 2nd Call For Papers
November 15, Grenoble, France
http://grehack.org — Twitter: @grehack

---
*Topics*

The 2nd International Symposium on Grey-Hat Hacking — aka GreHack 2013 — will gather researchers and practitioners from academia, industry, and government to discuss new advances in computer and information security research.

All topics related to vulnerability discovery are within scope. In addition, topics of interest also include but are not limited to:

- Reverse Engineering and Obfuscation
- Vulnerability Discovery, Analysis and Exploit Automation
- Embedded Systems Security, including Smartphone Security
- Hardware Vulnerabilities
- Malware Creation, Analysis and Prevention
- Web Application Security
- Network Exfiltration
- Intrusion Detection and Prevention
- Security and Privacy in Cloud, P2P Networks
- Penetration Testing
- Disclosure and Ethics
- Digital Forensics
- Applied Cryptography and Cryptanalysis

We encourage original and groundbreaking submissions, demonstrations, release of a new open source/non-commercial tool, and interaction with the audience. Each submission will be reviewed by at least three members of the Program Committee.

---
*Important Dates*

- Submission deadline: June 30, 2013 11pm59 Honolulu, Hawaii Time
- Reviews due: August 25, 2013 11pm59 Honolulu, Hawaii Time
- Decision notification: September 4, 2013
- Final paper camera-ready: September 30, 2013 11pm59 Honolulu, Hawaii Time
- Symposium: November 15, 2013

---
*Submissions Types*

GreHack 2013 will consider the following types of submissions:

*Full research papers* presenting mature and novel research results. Their total length should range from 10 to 16 pages.

*Short Papers/Extended Abstracts* describing novel ideas of potential interest to the security research community. Their total length should range from 4 to 8 pages.

Papers accepted by the Program Committee will be presented at GreHack 2013.

Each paper must include an abstract and a list of keywords, be formatted in a single-column format, use at least 11-point fonts, and have reasonable margins. Templates are available on the website (LaTeX and Word). Total length includes the bibliography and any appendices. GreHack does not require anonymized submissions, thus authors and affiliations must be mentioned. For accepted papers, at least one of the authors must attend the conference and present the paper.

Papers must neither have been previously accepted for publication nor submitted in another conference or journal with formal proceedings. Industry conferences such as BlackHat do not have formal proceedings.

Further questions on the submission process may be sent to the program chairs at pc-chairs-2...@grehack.org.

---
*Best Paper Award*

The Program Committee members will select the best paper to be announced and awarded at the last session of the symposium.

---
*Publishing: Springer JCVHT*

The best papers will be selected from submissions, carefully reviewed, and published in the prestigious Springer Journal in Computer Virology and Hacking Techniques (JCVHT). JCVHT is an open journal: the access to the papers is free of charge for the reader.

http://www.springer.com/computer/journal/11416
http://academic.research.microsoft.com/Journal/890/journal-in-computer-virology

---
*Program Committee*

- Dan Alloun (Intel, Israel)
- Ruo Ando (NICT, Japan)
- Jean-Philippe Aumasson (Kudelski Security, Switzerland)
- Sofia Bekrar (VUPEN Security, France)
- Elie Bursztein (Google, US)
- Fabrice Desclaux aka Serpilliere (France)
- Adam Doupe (UCSB, US)
- Fabien Duchene (LIG, France)
- Chris Eng (Veracode, US)
- Peter Van Eeckhoutte aka corelanc0d3r (Corelan, Belgium)
- Manuel Egele (CMU, US)
- Philippe Elbaz-Vincent (UJF, France)
- Eric Filiol (ESIEA, France)
- The Grugq (Thailand)
- Mario Heiderich (Ruhr University Bochum, Germany)
- Pascal Lafourcade (VERIMAG, France)
- Cedric Lauradoux (INRIA, France)
- Pascal Malterre (CEA-DAM, France)
- Laurent Mounier (VERIMAG, France)
- Stefano Di Paola (Minded Security, Italia)
- Marie-Laure Potet (VERIMAG, France)
- Paul Rascagneres aka r00tBSD (Malware.Lu, Luxembourg)
- Sanjay Rawat (India)
- Raphael Rigo (ANSSI, France)
- Nicolas Ruff (EADS Innovation Works, France)
- Steven Seeley aka Mr_Me (Immunity, US)
- Fermin J. Serna (Google, US)
- Nikita Tarakanov (Russia)

---
*Accepted Author Benefits* (1 author per accepted paper)

- One free entry to the conference
- Limited financial participation to author expenses (accommodation and travel). Priority for travel grants will be given to students.

---
*Submission Guidelines*

Submissions will be handled via EasyChair at:
[ MDVSA-2013:167 ] openvpn
Mandriva Linux Security Advisory                         MDVSA-2013:167
http://www.mandriva.com/en/support/security/

Package : openvpn
Date    : May 27, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

Updated openvpn package fixes security vulnerability:

OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested (CVE-2013-2061).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2061
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0153

Updated Packages:

Mandriva Enterprise Server 5:
c3f9d0b84493a7df95b526bf27684644 mes5/i586/openvpn-2.1-0.rc10.2.4mdvmes5.2.i586.rpm
c1808613e341bb1ebcabcebb2ad5fd47 mes5/SRPMS/openvpn-2.1-0.rc10.2.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
ff387b293bcba6c126b14431d1bcb7ab mes5/x86_64/openvpn-2.1-0.rc10.2.4mdvmes5.2.x86_64.rpm
c1808613e341bb1ebcabcebb2ad5fd47 mes5/SRPMS/openvpn-2.1-0.rc10.2.4mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
9644de77991bb55ddff9801c7cb8f5a8 mbs1/x86_64/openvpn-2.2.2-6.1.mbs1.x86_64.rpm
b4b073c276bd20929db3bcb2b6e80621 mbs1/SRPMS/openvpn-2.2.2-6.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
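An added example, not part of the advisory and not OpenVPN's code: it contrasts an early-exit tag comparison with a fixed-work one to show why the comparison named in MDVSA-2013:167 leaks information. The key, the tag-then-payload packet layout and the use of HMAC-SHA256 are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"            # constructed sample key, not a real secret
TAG_LEN = hashlib.sha256().digest_size   # 32-byte tag

def seal(payload):
    """Hypothetical packet layout: HMAC tag followed by the payload."""
    return hmac.new(KEY, payload, hashlib.sha256).digest() + payload

def early_exit_equal(a, b):
    """memcmp-style compare. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i              # work done reveals the matching prefix length
    return True, len(a)

def fixed_work_equal(a, b):
    """Examines every byte regardless of where the first mismatch is."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)

def verify(packet):
    """Return the payload if the tag is valid, else None (library constant-time compare)."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(KEY, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def work_profile(compare, payload=b"constructed payload"):
    """Bytes examined for wrong tags that share 0, 1 and 8 leading bytes with the real one."""
    good = seal(payload)[:TAG_LEN]
    profile = []
    for n in (0, 1, 8):
        wrong = good[:n] + bytes(b ^ 0xFF for b in good[n:])
        profile.append(compare(wrong, good)[1])
    return profile

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal))
    print("fixed work:", work_profile(fixed_work_equal))
```

In application code `hmac.compare_digest` is the comparison to use; `fixed_work_equal` is only there to make the amount of work visible next to the early-exit version.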
[ MDVSA-2013:168 ] python-httplib2
Mandriva Linux Security Advisory                         MDVSA-2013:168
http://www.mandriva.com/en/support/security/

Package : python-httplib2
Date    : May 27, 2013
Affected: Business Server 1.0

Problem Description:

Updated python-httplib2 packages fix security vulnerability:

httplib2 only validates SSL certificates on the first request to a connection, and doesn't report validation failures on subsequent requests (CVE-2013-2037).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2037
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0152

Updated Packages:

Mandriva Business Server 1/X86_64:
afa8980e5e22dfd3595dc0e3be79a559 mbs1/x86_64/python-httplib2-0.7.4-3.2.mbs1.noarch.rpm
1a1acc7829f9238c1d495c41307c2f1a mbs1/SRPMS/python-httplib2-0.7.4-3.2.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability
Title:
======
Barracuda SSL VPN 680 2.2.2.203 - Redirect Web Vulnerability

Date:
=====
2013-05-25

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=755
Barracuda Networks Security ID (BNSEC): 731

VL-ID:
======
755

Common Vulnerability Scoring System:
====================================
1.3

Introduction:
=============
The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web browser. Designed for remote employees and road warriors, the Barracuda SSL VPN provides comprehensive control over file systems and Web-based applications requiring external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user access levels and provides single sign-on.

Barracuda SSL VPN
* Enables access to corporate intranets, file systems or other Web-based applications
* Tracks resource access through auditing and reporting facilities
* Scans uploaded files for viruses and malware
* Leverages multi-factor, layered authentication mechanisms, including RSA SecurID and VASCO tokens
* Integrates with existing Active Directory and LDAP directories
* Utilizes policies for granular access control framework
* Supports any Web browser on PC or Mac

(Copy of the Vendor Homepage: http://www.barracudanetworks.com/ns/products/sslvpn.php)

Abstract:
=========
The Vulnerability Laboratory Research Team discovered a redirect vulnerability in the official Barracuda Networks SSL VPN 680 v2.2.2.203.

Report-Timeline:
================
2012-11-11: Researcher Notification Coordination
2012-11-12: Vendor Notification
2012-11-19: Vendor Response/Feedback
2013-02-20: Vendor Fix/Patch
2012-05-27: Public Disclosure

Status:
=======
Published

Affected Products:
==================
Barracuda Networks
Product: SSL VPN 680 2.2.2.203

Exploitation-Technique:
=======================
Remote

Severity:
=========
Low

Details:
========
A remote redirection (external) vulnerability is detected in the Barracuda SSL VPN 680 v2.2.2.203 (Vx) Web Application Appliance. The bug allows remote attackers to prepare links to client side external redirects with malware, phishing websites or malicious web context.

The vulnerability is located in the resourceId parameter request when processing to load via GET method an internal `returnTo` file redirect.

Vulnerable Module(s):
[+] launchApplication.do [resourceId]

Vulnerable Parameter(s):
[+] returnTo

Proof of Concept:
=================
The vulnerability can be exploited by a remote attacker without privileged application user account but with medium or high required user interaction. For demonstration or reproduce ...

1.1
The first url shows the standard request via GET request
https://sslvpn.127.0.0.1:8080/launchApplication.do?resourceId=1&policy=1&returnTo=%2FshowApplicationShortcuts.do

1.2
The second url shows the manipulated remote context via GET request
https://sslvpn.127.0.0.1:8080/launchApplication.do?resourceId=1&policy=1&returnTo=http://www.vulnerability-lab.com
https://sslvpn.[SERVER]/[FILE].do?[RES+ID]=x&[POLICY]=x&returnTo=[EXTERNAL TARGET]

Solution:
=========
The vulnerability can be patched by allowing only local file requests when processing to load the vulnerable returnTo parameter via GET.

2013-02-20: Vendor Fix/Patch

Risk:
=====
The security risk of the redirection vulnerability is estimated as low(+).

Credits:
========
Vulnerability Laboratory [Research Team] - Chokri Ben Achour (meis...@vulnerability-lab.com)
Barracuda Networks [Security Team] - Dave Farrow (Communication Coordination)

Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register
Contact: ad...@vulnerability-lab.com - supp...@vulnerability-lab.com - resea...@vulnerability-lab.com
Section: video.vulnerability-lab.com - forum.vulnerability-lab.com
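An added example, not part of the advisory and not Barracuda's code: one way to apply the stated solution of allowing only local targets in `returnTo`. The host `sslvpn.example`, the sample requests and the function names are constructed for the illustration; the default target is the local page from the advisory's first URL.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_TARGET = "/showApplicationShortcuts.do"  # local page from the advisory's first URL

def safe_return_to(value, default=DEFAULT_TARGET):
    """Return value only if it is a same-site absolute path, else the default."""
    if not value:
        return default
    # Browsers drop tabs/newlines and may treat "\" as "/", so refuse both.
    if any(ord(c) < 0x20 or c == "\\" for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:           # e.g. malformed IPv6 literal in the authority
        return default
    if parts.scheme or parts.netloc:
        return default           # absolute or scheme-relative URL
    if not value.startswith("/") or value.startswith("//"):
        return default           # relative path, or "///host" style authority
    return value

def redirect_target(request_url):
    """Extract returnTo from a launchApplication.do request and validate it."""
    params = parse_qs(urlsplit(request_url).query)
    values = params.get("returnTo", [])
    if len(values) != 1:         # missing or repeated parameter
        return DEFAULT_TARGET
    return safe_return_to(values[0])

# Constructed requests modelled on the two URLs in the advisory.
BASE = "https://sslvpn.example/launchApplication.do?resourceId=1&policy=1&returnTo="
SAMPLES = [
    BASE + "%2FshowApplicationShortcuts.do",   # local path: kept
    BASE + "http://external.example",          # absolute URL: replaced
    BASE + "%2F%2Fexternal.example%2Flogin",   # scheme-relative: replaced
    BASE + "%2F%5Cexternal.example",           # backslash variant: replaced
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(redirect_target(url), "<-", url)
```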