[security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04041082

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04041082
Version: 1

HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-12-19
Last Updated: 2013-12-19

Potential Security Impact: Cross-site scripting (XSS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP Autonomy Ultraseek. The vulnerability could be exploited as cross-site scripting (XSS).

References: CVE-2013-6196 (JVN#69700259, JPCERT#98705015, SSRT101354)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Autonomy Ultraseek v5

BACKGROUND

CVSS 2.0 Base Metrics
  Reference        Base Vector                     Base Score
  CVE-2013-6196    (AV:N/AC:M/Au:M/C:N/I:P/A:N)    2.8

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
The vulnerability is resolved in HP Autonomy Ultraseek v6 and greater.

HISTORY
Version:1 (rev.1) - 19 December 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

  3C = 3COM
  3P = 3rd Party Software
  GN = HP General Software
  HF = HP Hardware and Firmware
  MP = MPE/iX
  MU = Multi-Platform Software
  NS = NonStop Servers
  OV = OpenVMS
  PI = Printing and Imaging
  PV = ProCurve
  ST = Storage Software
  TU = Tru64 UNIX
  UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided as is without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
[ MDVSA-2013:295 ] gnupg
Mandriva Linux Security Advisory                         MDVSA-2013:295
http://www.mandriva.com/en/support/security/

Package : gnupg
Date    : December 19, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in gnupg:

Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts (CVE-2013-4576).

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
http://www.debian.org/security/2013/dsa-2821

Updated Packages:

Mandriva Enterprise Server 5:
56ca0c10091545096e9e2a8520a3e9a9  mes5/i586/gnupg-1.4.9-5.4mdvmes5.2.i586.rpm
330744e0b7dbd446bb25351b81c2d306  mes5/SRPMS/gnupg-1.4.9-5.4mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
08b25e92eb5200e1270d48cb4a39e1fa  mes5/x86_64/gnupg-1.4.9-5.4mdvmes5.2.x86_64.rpm
330744e0b7dbd446bb25351b81c2d306  mes5/SRPMS/gnupg-1.4.9-5.4mdvmes5.2.src.rpm

Mandriva Business Server 1/X86_64:
902cadfbd900984b6f4c3374bef90d12  mbs1/x86_64/gnupg-1.4.12-3.3.mbs1.x86_64.rpm
5c1f71a7c73fd4c820f1b7e596ad5bec  mbs1/SRPMS/gnupg-1.4.12-3.3.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
[SECURITY] [DSA 2824-1] curl security update
Debian Security Advisory DSA-2824-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 19, 2013                      http://www.debian.org/security/faq

Package        : curl
Vulnerability  : unchecked tls/ssl certificate host name
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6422

Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

The default configuration for the curl package is not affected by this issue since the digital signature verification is enabled by default.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 7.26.0-1+wheezy7.

For the unstable distribution (sid), this problem has been fixed in version 7.34.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities
Document Title:
===============
Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1172

Release Date:
=============
2013-12-19

Vulnerability Laboratory ID (VL-ID):
====================================
1172

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:
===============================
Song Exporter Pro lets you transfer via Wi-Fi the songs you have in your iPhone, iPod touch or iPad to any computer in your network. No iTunes required. Now you can backup your songs, share them with your friends and workmates, and stream them directly to almost any media player!

The ability to directly access your own music on your iPhone is something that Apple should have built into their iOS devices, but Song Exporter Pro fills that void quite nicely. This is an app that everyone should get. Song Exporter Pro is a must have app if you love to share your music with friends. They nailed such a basic essential need that is a major pain point for iOS devices users. It's reliable, lightweight and easy to use.

(Copy of the Homepage: https://itunes.apple.com/us/app/song-exporter-pro/id421646421 )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the official Rocha Software Song Exporter 2.1.1 Pro iOS mobile application.

Vulnerability Disclosure Timeline:
==================================
2013-12-19: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Rocha Software
Product: Song Exporter - Mobile Web Application (iOS) 2.1.1

Exploitation Technique:
=======================
Remote

Severity Level:
===============
High

Technical Details & Description:
================================
A local file/path include web vulnerability has been discovered in the official Rocha Software Song Exporter 2.1.1 Pro mobile web-application for apple iOS. The local file include web vulnerability allows remote attackers to unauthorized include local file requests or system specific path commands to compromise the web-application or device.

The local file include web vulnerability is located in the vulnerable `artist`,`album`,`name(filename)` value of the `Index File Dir List` module (web-interface). Remote attackers are able to sync via itunes own files with malicious filename, artist title or album name. The attack vector is persistent and the request method is GET. The local file/path include execute occurs in the main `file dir index` list. The security risk of the local file include web vulnerability is estimated as high(-) with a cvss (common vulnerability scoring system) count of 7.4(+)|(-)7.5.

Exploitation of the local file include web vulnerability requires no user interaction or privileged web-application user account with password. Successful exploitation of the local web vulnerability results in mobile application or connected device component compromise by unauthorized local file include web attacks.

Vulnerable Input(s):
  [+] Song Exporter Pro - Index Song Dir List

Vulnerable Parameter(s):
  [+] Name (filename)
  [+] Artist (name)
  [+] Album (name)

Affected Module(s):
  [+] Index File Dir List (http://localhost:8080)
  [+] Songs Path (http://localhost:8080/songs/)
  [+] File - Unicode Playlist
  [+] File - Playlist

Proof of Concept (PoC):
=======================
The local file include web vulnerabilities can be exploited by local attackers with physical device access or restricted user accounts without user interaction. For security demonstration or to reproduce follow the provided information and steps below.

PoC: Name (filename)

<table style="width:780px" id="maintable" border="0" cellpadding="0" cellspacing="0">
<thead><tr>
<th class="asc" width="60"><h3>Pos</h3></th>
<th class="head" width="300"><h3>Name</h3></th>
<th class="head" width="60"><h3>Time</h3></th>
<th class="head" width="180"><h3>Artist</h3></th>
<th class="head" width="180"><h3>Album</h3></th>
</tr></thead>
<tbody>
<tr class="evenrw"><td class="evensl" align="right">1</td>
<td><a href="http://localhost:8080/songs/../[LOCAL FILE INCLUDE VULNERABILITY!]\.mp3">[LOCAL FILE INCLUDE VULNERABILITY!].mp3</a></td>
<td align="right">3:27</td>
<td>Blumentopf</td>
<td>Wir</td></tr>
</tbody>
</table>

PoC: Artist (name)

<table style="width:780px" id="maintable" border="0" cellpadding="0" cellspacing="0">
<thead><tr>
<th class="asc" width="60"><h3>Pos</h3></th>
<th class="head" width="300"><h3>Name</h3></th>
<th class="head" width="60"><h3>Time</h3></th>
<th class="head" width="180"><h3>Artist</h3></th>
<th class="head" width="180"><h3>Album</h3></th>
</tr></thead>
<tbody>
<tr class="evenrw"><td class="evensl" align="right">1</td>
<td><a
[REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability
Revive Adserver Security Advisory                      REVIVE-SA-2013-001

Advisory ID:           REVIVE-SA-2013-001
CVE ID:                CVE-2013-7149
Date:                  2013-12-20
Security risk:         Critical
Applications affected: Revive Adserver
Versions affected:     <= 3.0.1
Versions not affected: >= 3.0.2
Website:               http://www.revive-adserver.com/

Vulnerability: SQL injection

Description
-----------
An SQL-injection vulnerability was recently discovered and reported to the Revive Adserver team by Florian Sander. The vulnerability is known to be already exploited to gain unauthorised access to the application using brute force mechanisms, however other kinds of attacks might be possible and/or already in use. The risk is rated to be critical as the most common end goal of the attackers is to spread malware to the visitors of all the websites and ad networks that the ad server is being used on.

The vulnerability is also present and exploitable in OpenX Source 2.8.11 and earlier versions, potentially back to phpAdsNew 2.0.x.

Details
-------
The XML-RPC delivery invocation script was failing to escape its input parameters in the same way the other delivery methods do, allowing attackers to inject arbitrary SQL code via the "what" parameter of the delivery XML-RPC methods. Also, the escaping technique used to handle such parameter in the delivery scripts was based on the addslashes PHP function and has now been upgraded to use the dedicated escaping functions for the database in use.

References
----------
http://www.kreativrauschen.com/blog/2013/12/18/zero-day-vulnerability-in-openx-source-2-8-11-and-revive-adserver-3-0-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7149

Permalink
---------
http://www.revive-adserver.com/security/REVIVE-SA-2013-001

Solution
--------
We strongly advise people to upgrade to the most recent 3.0.2 version of Revive Adserver, including those running OpenX Source or older versions of the application.

In case the upgrade cannot be performed in a timely fashion, we suggest deleting the www/delivery/axmlrpc.php script (if not in use) as a temporary fix until the application is upgraded.

Contact Information
===================
The security contact for Revive Adserver can be reached at: security AT revive-adserver DOT com

--
Matteo Beccati
On behalf of the Revive Adserver Team
http://www.revive-adserver.com/
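
An added example, not part of the advisory and not Revive Adserver's code: it shows why the switch from addslashes to database-specific handling described under Details matters. It assumes a hypothetical `banners` table and an in-memory SQLite database standing in for any engine that does not treat backslash as a string escape; `addslashes` here is a Python emulation of the PHP function, and the input values are constructed.

```python
import sqlite3


def addslashes(value):
    """Emulate PHP addslashes(): prefix ', ", backslash with a backslash, NUL as \\0."""
    out = []
    for ch in value:
        if ch in ("'", '"', "\\"):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


# Hypothetical query shape: a request parameter placed inside a string literal.
QUERY = "SELECT owner FROM banners WHERE keyword = '%s'"


def open_db():
    """Create the constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE banners (id INTEGER PRIMARY KEY, keyword TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO banners (keyword, owner) VALUES (?, ?)",
        [("sports", "alice"), ("news", "bob"), ("o'neil cup", "carol")],
    )
    return db


def owners_concat(db, what, escape=None):
    """Build the SQL text by string formatting, optionally after an escape function."""
    literal = escape(what) if escape else what
    try:
        rows = db.execute(QUERY % literal).fetchall()
    except sqlite3.Error:
        return "sql error"
    return sorted(r[0] for r in rows)


def owners_bound(db, what):
    """Pass the value as a bound parameter; it never becomes part of the SQL text."""
    rows = db.execute("SELECT owner FROM banners WHERE keyword = ?", (what,)).fetchall()
    return sorted(r[0] for r in rows)


def compare(what):
    """Run the same lookup three ways and return the results side by side."""
    db = open_db()
    try:
        return {
            "raw": owners_concat(db, what),
            "addslashes": owners_concat(db, what, addslashes),
            "bound": owners_bound(db, what),
        }
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: a normal keyword, a legitimate value containing a
    # quote, and a value whose quote is meant to end the string literal early.
    for sample in ("sports", "o'neil cup", "' OR 1=1 --"):
        print(repr(sample), compare(sample))
```

SQLite reads `\'` as a literal backslash followed by the closing quote, so the backslash that addslashes inserts does not neutralise the quote: the third input still matches every row, and the legitimate second input fails to parse. Only the bound-parameter lookup treats both as plain data.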
[ MDVSA-2013:296 ] wireshark
Mandriva Linux Security Advisory                         MDVSA-2013:296
http://www.mandriva.com/en/support/security/

Package : wireshark
Date    : December 20, 2013
Affected: Business Server 1.0, Enterprise Server 5.0

Problem Description:

Multiple vulnerabilities were found and corrected in Wireshark:

The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet (CVE-2013-7112).

Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet (CVE-2013-7114).

This advisory provides the latest version of Wireshark (1.8.12) which is not vulnerable to these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
http://www.wireshark.org/security/wnpa-sec-2013-66.html
http://www.wireshark.org/security/wnpa-sec-2013-68.html

Updated Packages:

Mandriva Enterprise Server 5
Mandriva Enterprise Server 5/X86_64
Mandriva Business Server 1/X86_64
[ MDVSA-2013:297 ] munin
Mandriva Linux Security Advisory                         MDVSA-2013:297
http://www.mandriva.com/en/support/security/

Package : munin
Date    : December 20, 2013
Affected: Business Server 1.0

Problem Description:

Updated munin packages fix security vulnerabilities:

The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on (CVE-2013-6359).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6359
http://advisories.mageia.org/MGASA-2013-0378.html

Updated Packages:

Mandriva Business Server 1/X86_64:
b20e89d5a943f0d3deadb324091ab6ef  mbs1/x86_64/munin-2.0-0.rc5.3.2.mbs1.noarch.rpm
4ae6191940301c45b1ce7b32fa625122  mbs1/x86_64/munin-master-2.0-0.rc5.3.2.mbs1.noarch.rpm
3a02701b006afcd70430c4de7e96c7e8  mbs1/x86_64/munin-node-2.0-0.rc5.3.2.mbs1.noarch.rpm
d07ea1401e5ab3415c2576281ec60aee  mbs1/SRPMS/munin-2.0-0.rc5.3.2.mbs1.src.rpm
[SECURITY] [DSA 2825-1] wireshark security update
Debian Security Advisory DSA-2825-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 20, 2013                      http://www.debian.org/security/faq

Package        : wireshark
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2013-7113 CVE-2013-7114

Laurent Butti and Garming Sam discovered multiple vulnerabilities in the dissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service or the execution of arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in version 1.8.2-5wheezy9.

For the unstable distribution (sid), these problems have been fixed in version 1.10.4-1.

We recommend that you upgrade your wireshark packages.
[ MDVSA-2013:298 ] php
Mandriva Linux Security Advisory                         MDVSA-2013:298
http://www.mandriva.com/en/support/security/

Package : php
Date    : December 20, 2013
Affected: Enterprise Server 5.0

Problem Description:

A vulnerability has been discovered and corrected in php:

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function (CVE-2013-6420).

The updated packages have been upgraded to the 5.3.28 version which is not vulnerable to this issue.

Additionally, some packages which require so have been rebuilt for php-5.3.28.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://www.php.net/ChangeLog-5.php#5.3.28

Updated Packages:

Mandriva Enterprise Server 5
[slackware-security] gnupg (SSA:2013-354-01)
[slackware-security] gnupg (SSA:2013-354-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/gnupg-1.4.16-i486-1_slack14.1.txz: Upgraded.
  Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
  For more information, see:
    http://www.cs.tau.ac.il/~tromer/acoustic/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
  (* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.16-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.16-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.16-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.16-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.16-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.16-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.16-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.16-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.16-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.16-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.16-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.16-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg gnupg-1.4.16-i486-1_slack14.1.txz

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com
[ MDVSA-2013:299 ] samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2013:299 http://www.mandriva.com/en/support/security/ ___ Package : samba Date: December 22, 2013 Affected: Business Server 1.0 ___ Problem Description: Multiple vulnerabilities has been discovered and corrected in samba: The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator#039;s pam_winbind configuration-file mistake (CVE-2012-6150). Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet (CVE-2013-4408). The updated packages has been upgraded to the 3.6.22 version which resolves various upstream bugs and is not vulnerable to these issues. 
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://www.samba.org/samba/history/samba-3.6.21.html
http://www.samba.org/samba/history/samba-3.6.22.html

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team security*mandriva.com
[SECURITY] [DSA 2826-1] denyhosts security update
Debian Security Advisory DSA-2826-1                   secur...@debian.org
http://www.debian.org/security/                        Yves-Alexis Perez
December 22, 2013                      http://www.debian.org/security/faq

Package        : denyhosts
Vulnerability  : Remote denial of ssh service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6890

Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user to forge crafted login names in order to make denyhosts ban arbitrary IP addresses.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.6-7+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 2.6-10+deb7u2.

For the testing distribution (jessie), this problem has been fixed in version 2.6-10.1.

For the unstable distribution (sid), this problem has been fixed in version 2.6-10.1.

We recommend that you upgrade your denyhosts packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
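Added example, not part of the Debian advisory and not denyhosts' own code: a loosely written log-matching pattern beside an anchored one, run over constructed sshd-style messages, to show why the source address must be taken from the part of the line that sshd wrote rather than from the login-name field. Both patterns, the sample messages and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical loose pattern (not denyhosts' own): unanchored, so the first
# " from " in the message wins, even when it sits inside the login name.
LOOSE = re.compile(r"Invalid user (?P<user>\S+) from (?P<host>\S+)")

# Hardened pattern: anchored at both ends of the message; the greedy user
# group pushes the host match to the last " from ", which sshd itself wrote.
STRICT = re.compile(r"^Invalid user (?P<user>.*) from (?P<host>\S+)$")

# Constructed sample messages (syslog prefix already stripped).
# 198.51.100.9 is the connecting client; 203.0.113.77 appears only inside
# the client-supplied login names.
SAMPLE = [
    "Invalid user admin from 198.51.100.9",
    "Invalid user x from 203.0.113.77 from 198.51.100.9",
    "Invalid user y from 203.0.113.77 from 198.51.100.9",
    "Invalid user z from 203.0.113.77 from 198.51.100.9",
]

def offending_host(pattern, message):
    """Return the address the pattern attributes a failure to, or None."""
    m = pattern.search(message)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        return None  # host field is not an IP literal: do not act on it

def hosts_to_ban(pattern, messages, threshold=3):
    """Hosts with at least `threshold` failures according to `pattern`."""
    found = (offending_host(pattern, m) for m in messages)
    counts = Counter(h for h in found if h)
    return {h for h, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print("loose :", hosts_to_ban(LOOSE, SAMPLE))
    print("strict:", hosts_to_ban(STRICT, SAMPLE))
```

With the loose pattern the ban lands on the address embedded in the login names; with the anchored pattern it lands on the connecting client.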
NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
VMware Security Advisory

Advisory ID: VMSA-2013-0016
Synopsis:    VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
Issue date:  2013-12-22
Updated on:  2013-12-22 (initial advisory)
CVE numbers: CVE-2013-5973

1. Summary

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

2. Relevant releases

VMware ESXi 5.5 without patch ESXi550-201312001
VMware ESXi 5.1 without patch ESXi510-201310001
VMware ESXi 5.0 without patch update-from-esxi5.0-5.0_update03
VMware ESXi 4.1 without patch ESXi410-201312001
VMware ESXi 4.0 without patch ESXi400-201310001
VMware ESX 4.1 without patch ESX410-201312001
VMware ESX 4.0 without patch ESX400-201310001

3. Problem Description

a. VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege “Add Existing Disk” to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.

Unprivileged vCenter Server users or groups that are assigned the predefined role Virtual Machine Power User or Resource Pool Administrator have the privilege Add Existing Disk.

The issue cannot be exploited through VMware vCloud Director.

Workaround

A workaround is provided in VMware Knowledge Base article 2066856.

Mitigation

In a default vCenter Server installation no unprivileged users or groups are assigned the predefined role Virtual Machine Power User or Resource Pool Administrator. Restrict the number of vCenter Server users that have the privilege “Add Existing Disk”.

VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5973 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware    Product   Running   Replace with/
Product   Version   on        Apply Patch *
=======   =======   =======   ====================
ESXi      5.5       ESXi      ESXi550-201312101-SG
ESXi      5.1       ESXi      ESXi510-201310101-SG
ESXi      5.0       ESXi      ESXi500-201310101-SG
ESXi      4.1       ESXi      ESXi410-201312401-SG
ESXi      4.0       ESXi      ESXi400-201310401-SG
ESX       4.1       ESX       ESX410-201312401-SG
ESX       4.0       ESX       ESX400-201310401-SG

* Known Issues

Deploying these patches does not remediate the issue if the ESXi or ESX file /etc/vmware/configrules has been modified manually (modifying this file is uncommon). Customers who have modified this file should apply the workaround after installing the patch.

After deploying the patches, Virtual Machines that have their names ending in -flat, -rdm or -rdmp will no longer power on. See the VMware Knowledge Base article listed under Workaround for a solution.

4. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

ESXi and ESX
https://www.vmware.com/patchmgr/download.portal

ESXi 5.5
File: ESXi550-201312001.zip
md5sum: c2edc6fbe983709a5a643fe5e03c055b
sha1sum: df55f419056b2dab25e28ca87ccdd8a099849a40
http://kb.vmware.com/kb/2063795
ESXi550-201312001 contains ESXi550-201312101-SG

ESXi 5.1
File: ESXi510-201310001.zip
md5sum: 00b6a97b3042dc45da52e20b67666387
sha1sum: 8b0e2e832d0c603991718da17e1f73de4f0969cc
http://kb.vmware.com/kb/2053402
ESXi510-201310001 contains ESXi510-201310101-SG

ESXi 5.0
File: update-from-esxi5.0-5.0_update03.zip
md5sum: 7e6185fa3238a4895613b39e57a2a94b
sha1sum: aa3929d2c8183aeaecdc238cbbf4d270bd70dd07
http://kb.vmware.com/kb/209
update-from-esxi5.0-5.0_update03 contains ESXi500-201310101-SG

ESXi 4.1
File: ESXi410-201312001.zip
md5sum: f85c0c449513b88b22f19a5f11966d5e
sha1sum:
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability

EMC Identifier: ESA-2013-094
CVE Identifier: CVE-2012-0874
Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected products:
All EMC Data Protection Advisor (DPA) versions of 5.x

Summary:
EMC DPA may be vulnerable to remote code execution vulnerability.

Details:
The DPA Illuminator service (DPA_Illuminator.exe) listening on port 8090 (tcp/http) and 8453 (tcp/https) embeds JBOSS servlets (JMXInvokerServlet and EJBInvokerServlet). These JBOSS servlets are vulnerable to remote code execution vulnerability. The vulnerability could be exploited to execute remote code with NT AUTHORITY\SYSTEM privileges. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0874 for more details.

Affected JBOSS servlets are not required for DPA functionality. This vulnerability does not affect EMC DPA versions 6.x. Follow the steps below to remove the vulnerable JBOSS servlets from DPA 5.x system and mitigate the security risk.

Resolution:
The following products contain the resolution to this issue: EMC DPA version 6.x and later.

Workaround for DPA 5.x versions:
1. Stop the DPA Illuminator service.
2. Open Install dir\Illuminator_Server\JBoss\server\illuminator\deploy. For example: C:\Program Files\EMC\DPA\Illuminator_Server\JBoss\server\illuminator\deploy
3. Delete http-invoker.sar directory.
4. Start the DPA Illuminator service.

EMC strongly recommends all customers upgrade to version 6.x or higher or apply workaround for 5.x versions at the earliest opportunity.

Link to remedies:
Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/829_Data-Protection-Advisor

Credits:
EMC would like to thank Andrea Micalizzi (aka rgod) for discovering this issue.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided as is without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.