Re: Multiple Vulnerabilities with Aztech Modem Routers
The following CVEs have been assigned for these issues:

CVE-2014-6435 - Potential DoS attack
Link to OSVDB ID: 111432 - http://osvdb.org/show/osvdb/111432

CVE-2014-6436 - Broken Session Management
Link to OSVDB ID: 111433 - http://osvdb.org/show/osvdb/111433

CVE-2014-6437 - File and Data Exposure
Link to OSVDB ID: 111434 - http://osvdb.org/show/osvdb/111434
Link to OSVDB ID: 111435 - http://osvdb.org/show/osvdb/111435

09/01/2014 - Notified vendor. No response.
09/12/2014 - Reported to Mitre
09/14/2014 - Initial public announcement.
09/19/2014 - CVE reservation.
09/19/2014 - Resend full-disclosure to vendor, awaiting response.

Complete reference: http://x.arpa.ph/fjpf/aztech.html
[SECURITY] [DSA 3025-2] apt regression update
-------------------------------------------------------------------------
Debian Security Advisory DSA-3025-2
secur...@debian.org
http://www.debian.org/security/
Salvatore Bonaccorso
September 18, 2014
http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package: apt
Debian Bug: 762079

The previous update for apt, DSA-3025-1, introduced a regression when file:/// sources are used and those are on a different partition than the apt state directory. This update fixes the regression.

For reference, the original advisory follows.

It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).

For the stable distribution (wheezy), this problem has been fixed in version 0.9.7.9+deb7u4.

For the unstable distribution (sid), this problem has been fixed in version 1.0.9.1.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
Asterisk Project Security Advisory - AST-2014-010

Product:            Asterisk
Summary:            Remote crash when handling out of call message in certain dialplan configurations
Nature of Advisory: Remotely triggered crash of Asterisk
Susceptibility:     Remote authenticated sessions
Severity:           Minor
Exploits Known:     No
Reported On:        05 September 2014
Reported By:        Philippe Lindheimer
Posted On:          18 September 2014
Last Updated On:    September 18, 2014
Advisory Contact:   Matt Jordan
CVE Name:           Pending

Description

When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module.

Note that this crash does not occur when using the res_fax_digium module.

While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

Resolution

The fax family of applications have been updated to handle the Message channel driver correctly. Users using the fax family of applications along with the out of call text messaging features are encouraged to upgrade their versions of Asterisk to the versions specified in this security advisory.

Additionally, users of Asterisk are encouraged to use a separate dialplan context to process text messages. This avoids issues where the Message channel driver is passed to dialplan applications that assume a media stream is available. Note that the various channel drivers and stacks provide such an option; an example being the SIP channel driver's outofcall_message_context option.

Affected Versions

Product                 Release Series
Asterisk Open Source    11.x    All versions
Asterisk Open Source    12.x    All versions
Certified Asterisk      11.6    All versions

Corrected In

Product                 Release
Asterisk Open Source    11.12.1, 12.5.1
Certified Asterisk      11.6-cert6

Patches

SVN URL                                                              Revision
http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff      Asterisk 11
http://downloads.asterisk.org/pub/security/AST-2014-010-12.diff      Asterisk 12
http://downloads.asterisk.org/pub/security/AST-2014-010-11.6.diff    Certified Asterisk 11.6

Links

https://issues.asterisk.org/jira/browse/ASTERISK-24301

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security
AST-2014-009: Remote crash based on malformed SIP subscription requests
Asterisk Project Security Advisory - AST-2014-009

Product:            Asterisk
Summary:            Remote crash based on malformed SIP subscription requests
Nature of Advisory: Remotely triggered crash of Asterisk
Susceptibility:     Remote authenticated sessions
Severity:           Major
Exploits Known:     No
Reported On:        30 July, 2014
Reported By:        Mark Michelson
Posted On:          18 September, 2014
Last Updated On:    September 18, 2014
Advisory Contact:   Mark Michelson
CVE Name:           Pending

Description

It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured.

Note that this crash is in Asterisk's PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.

Resolution

Type-safety has been built into the pubsub API where it previously was absent. A test has been added to the testsuite that previously would have triggered the crash.

Affected Versions

Product                 Release Series
Asterisk Open Source    1.8.x     Unaffected
Asterisk Open Source    11.x      Unaffected
Asterisk Open Source    12.x      12.1.0 and up
Certified Asterisk      1.8.15    Unaffected
Certified Asterisk      11.6      Unaffected

Corrected In

Product                 Release
Asterisk Open Source    12.5.1

Patches

SVN URL                                                            Revision
http://downloads.asterisk.org/pub/security/AST-2014-009-12.diff    Asterisk 12

Links

https://issues.asterisk.org/jira/browse/ASTERISK-24136

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2014-009.pdf and http://downloads.digium.com/pub/security/AST-2014-009.html

Revision History

Date               Editor            Revisions Made
19 August, 2014    Mark Michelson    Initial version of document

Asterisk Project Security Advisory - AST-2014-009
Copyright (c) 2014 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
CVE ID Syntax Change - Deadline Approaching
As we approach the end of 2014, CVE identifiers are getting closer and closer to the magic CVE-2014- mark, which means that MITRE will be issuing a 5-digit CVE ID within a matter of months, in accordance with the new syntax that was selected in 2013 (basically using 5, 6, or even more digits as needed). Some people are still unaware that this change has happened or have been slow to implement it.

Once a CVE identifier is issued using the new syntax, some security products and processes could break or report incorrect vulnerability identifiers, making vulnerability management more difficult. Consider a product that stops processing an XML document because its validation step assumes that CVE IDs have only 4 digits. Perhaps worse, consider a critical vulnerability in a popular product that is given a 5-digit CVE ID, which is inadvertently and silently truncated to a 4-digit ID for a low-priority issue in a rarely-used product. We know of at least 6 different products or services that have had problems. Custom, in-house software is not necessarily immune, either.

MITRE has been assigning CVE IDs faster than ever; we're up to CVE-2014-6446 even though it's only September, which puts us on pace to exceed 9000 for 2014 by the end of the year - and the rate of assignment could increase in the coming months. Even if we don't reach 10,000 CVE-2014- identifiers by the end of 2014, MITRE will be issuing at least one 5-digit identifier no later than January 13, 2015, to ensure that all software is tested for support of the new syntax.

To help people address this problem, we have created a web page about the ID syntax change, including the product features most likely to be affected, along with some test data.

http://cve.mitre.org/cve/identifiers/syntaxchange.html

For a list of the 19 early adopters who have stated that they are compliant with the new syntax, see:

http://cve.mitre.org/cve/identifiers/compliant_organizations.html

The clock is ticking!

You can reach us at cve-id-cha...@mitre.org if you have any questions.

Thank you,
The MITRE CVE Team
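The two failure modes described in the message above (a validator that rejects longer IDs, and a parser that silently truncates them) can be checked for with a short script. This is an added Python example, not code from MITRE or from the original message; the function names and the sample report are constructed, and the 5- and 7-digit IDs in it are format test values, not references to real entries.

```python
import re

# Pre-2014 assumption baked into many tools: exactly four sequence digits.
LEGACY_ID = re.compile(r"CVE-\d{4}-\d{4}")
LEGACY_WIDTH = len("CVE-2014-0000")  # 13 characters, e.g. a CHAR(13) column

# New syntax: four or more sequence digits. The lookarounds keep a match from
# starting inside another token or stopping in the middle of a digit run.
CVE_ID = re.compile(r"(?<![A-Za-z0-9-])CVE-(\d{4})-(\d{4,})(?![0-9])")

# Constructed sample input; only CVE-2014-6446 appears in the message above.
SAMPLE = ("Scanner report (constructed): host-a CVE-2014-6446; "
          "host-b CVE-2014-12345; host-c CVE-2014-1234567.")


def legacy_is_valid(cve_id):
    """Validator that assumes four digits: rejects every longer ID."""
    return LEGACY_ID.fullmatch(cve_id) is not None


def is_valid(cve_id):
    """Validator for the new syntax (four or more sequence digits)."""
    return CVE_ID.fullmatch(cve_id) is not None


def legacy_extract(text):
    """Extractor that assumes four digits: silently truncates longer IDs."""
    return LEGACY_ID.findall(text)


def extract(text):
    """Extractor for the new syntax: returns each ID whole."""
    return [m.group(0) for m in CVE_ID.finditer(text)]


def sort_key(cve_id):
    """Numeric (year, sequence) key; plain string sorting misorders IDs."""
    m = CVE_ID.fullmatch(cve_id)
    if m is None:
        raise ValueError("not a CVE ID: %r" % cve_id)
    return int(m.group(1)), int(m.group(2))


def audit(text):
    """List IDs that four-digit handling would reject or truncate."""
    legacy_hits = set(legacy_extract(text))
    findings = []
    for cve_id in extract(text):
        if legacy_is_valid(cve_id):
            continue  # four-digit ID, handled the same either way
        short = cve_id[:LEGACY_WIDTH]
        findings.append({
            "id": cve_id,
            "legacy_validator_accepts": False,
            "legacy_extractor_reports": short if short in legacy_hits else None,
        })
    return findings


def misattributed(text):
    """Group the affected IDs by the truncated ID a legacy tool would show."""
    groups = {}
    for finding in audit(text):
        groups.setdefault(finding["legacy_extractor_reports"], []).append(
            finding["id"])
    return groups


if __name__ == "__main__":
    print("legacy extractor:", legacy_extract(SAMPLE))
    print("new extractor:   ", extract(SAMPLE))
    for wrong, originals in misattributed(SAMPLE).items():
        print("would be reported as %s: %s" % (wrong, ", ".join(originals)))
    print("sorted:", sorted(extract(SAMPLE), key=sort_key))
```

Run the same comparison against the test data MITRE links above to exercise real feeds and database columns.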
APPLE-SA-2014-09-17-7 Xcode 6.0.1
APPLE-SA-2014-09-17-7 Xcode 6.0.1

Xcode 6.0.1 is now available and addresses the following:

subversion
Available for: OS X Mavericks v10.9.4 or later
Impact: A malicious attacker may be able to cause Subversion to terminate unexpectedly
Description: A denial of service issue existed in Subversion when SVNListParentPath was enabled. This issue was addressed by updating Subversion to version 1.7.17.
CVE-ID
CVE-2014-0032

Xcode 6.0.1 may be obtained from the Downloads section of the Apple Developer Connection Member site: http://developer.apple.com/ Login is required, and membership is free.

Xcode 6.0.1 is also available from the App Store. It is free to anyone with OS X Mavericks v10.9.4 and later.

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.0.1".

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Oracle Corporation MyOracle - Persistent Vulnerability
Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): ad...@vulnerability-lab.com-001:2014

http://vulnerability-db.com/magazine/articles/2014/09/17/oracle-corporation-fixed-vulnerability-myoracle-online-service-application

Release Date:
=============
2014-09-17

Vulnerability Laboratory ID (VL-ID):
====================================
1261

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:
===============================
Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States. The company specializes in developing and marketing computer hardware systems and enterprise software products – particularly its own brands of database management systems. Oracle is the second-largest software maker by revenue, after Microsoft. The company also builds tools for database development and systems of middle-tier software, enterprise resource planning (ERP) software, customer relationship management (CRM) software and supply chain management (SCM) software.

Larry Ellison, a co-founder of Oracle, has served as Oracle`s CEO throughout its history. He also served as the Chairman of the Board until his replacement by Jeffrey O. Henley in 2004. On August 22, 2008, the Associated Press ranked Ellison as the top-paid chief executive in the world.

(Copy of the Homepage: http://en.wikipedia.org/wiki/Oracle_Corporation )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a persistent vulnerability in the official Oracle Corporation `MyOracle` service web-application.

Vulnerability Disclosure Timeline:
==================================
2014-04-28: Researcher Notification & Coordination (Benjamin Kunz Mejri)
2014-04-30: Vendor Notification (Oracle Sec Alert Security Team)
2014-05-03: Vendor Response/Feedback (Oracle Sec Alert Security Team)
2014-09-01: Vendor Fix/Patch (Oracle Developer Team - Acknowledgments 2014 October CPU Advisory)
2014-09-17: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
A filter and persistent input validation mail encoding web vulnerability has been discovered in the official Oracle Corporation `MyOracle` service web-application. The vulnerability allows to bypass the regular web/system validation to inject own script codes in outgoing emails of the account system mail server service.

The vulnerability is located in the name values of the my-oracle `registration` module. Remote attackers are able to inject in the first and lastname input fields of the registration formular own script codes via POST method request. The injected script code activates the account mail service notification which returns with the persistent code in the myoracle token activation site. The issue impact a critical risk because an attacker is able to inject own tokens or can manipulate the full mail body context. Further send notification mails by the myoracle service can also be affected by the issue.

The encoding of the server does not recognize outgoing service mails which results in the persistent issue in outgoing emails. The injection point is a profile values update or directly the remote registration itself.

The security risk of the persistent mail encoding and filter web vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.9. Exploitation of the vulnerability requires low user interaction and no privileged application user account. Successful exploitation results in persistent session hijacking attacks, unauthorized external redirects to malicious sources and persistent manipulation of affected or connected module context.

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] MyOracle

Vulnerable Module(s):
[+] Registration (exp.)

Vulnerable Parameter(s):
[+] Profile name values (firstname & lastname ...)

[Sender]:
[+] oracle-acct...@oracle.com

[Receiver]:
[+] ad...@evolution-sec.com & b...@evolution-sec.com

Proof of Concept (PoC):
=======================
The persistent mail encoding web vulnerability can be exploited by remote attackers with low user interaction and without privileged application user account. For security demonstration or to reproduce the persistent mail encoding web vulnerability foll
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
Release Date: 2014-09-17
Application: Apple iOS Foundation Framework
             Apple OS X Foundation Framework
Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4
Severity: High
Author: George D. Gal
Vendor Status: Fix Available
CVE Candidate: CVE-2014-4374
Reference: http://www.vsecurity.com/resources/advisory/20140917-1/
           http://support.apple.com/kb/HT1222
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Product Description
~~~~~~~~~~~~~~~~~~~
From [1]: "Xcode includes software development kits (SDKs) that enable you to create applications that run on specific versions of iOS or OS X—including versions different from the one you are developing on. This technology lets you build a single binary that takes advantage of new features when running on a system that supports them, and gracefully degrades when running on an older system. Some Apple frameworks automatically modify their behavior based on the SDK an application is built against for improved compatibility."

Vulnerability Overview
~~~~~~~~~~~~~~~~~~~~~~
In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.

The severity of this vulnerability varies. For example, in situations where the application does not reflect user influenced XML, retrieval of files may be limited, however using external HTTP entities could be used to conduct port scans. In other scenarios if core iOS applications transmit XML over plaintext protocols, these protocols could potentially be intercepted to leak contents of any file on the mobile device. For App Store applications files which could be accessed may be limited to those under the individual chrooted application directories, or in the case of jailbroken devices, any file on the filesystem.

Vulnerability Details
~~~~~~~~~~~~~~~~~~~~~
Apple's NSXMLParser documentation [2] indicates that external entity resolution is disabled in the parser by default. However, inspection of multiple applications running on iOS 7.0 and 7.1 now appear to resolve external entities by default, and even when attempting to disable entity resolution explicitly as shown below:

    [nsXmlParser setShouldResolveExternalEntities:NO];

The following source code demonstrates the flaw:

    - (void) doParse:(NSData *)data {

        // create and init NSXMLParser object
        NSXMLParser *nsXmlParser = [[NSXMLParser alloc] initWithData:data];

        // Why does the following not even work!?
        [nsXmlParser setShouldResolveExternalEntities:NO];

        // create and init our delegate
        VSRParser *parser = [[VSRParser alloc] initXMLParser];

        // set delegate
        [nsXmlParser setDelegate:parser];

        // parsing...
        BOOL success = [nsXmlParser parse];

        // test the result
        if (success) {
            NSLog(@"No errors");
            NSMutableArray *stuff = [parser tests];
        } else {
            NSLog(@"Error parsing document!");
        }

        [parser release];
        [nsXmlParser release];
    }

When using a vulnerable input XML file as shown below, the XML parser attempts to perform network name resolution and access the resource defined by &http;

    http://iossdk-xxe.apt.vsecurity.org/";> ]> &file; &http;

The following DNS and web server log entries demonstrate attempts to resolve &http;

    2014-05-19_13:26:28.31088 ... iossdk-xxe.apt.vsecurity.org

    XX.XX.XX.XX - - [19/May/2014:09:26:28 -0400] "GET /xxe HTTP/1.0" 404 446 "-" "-"

In more serious exploitation scenarios, plaintext XML communications between a server and iOS mobile application, or OS X client application could be intercepted and modified in transit to reference a file present on the client device. If the device reflects this value in subsequent communications or errors the contents of files stored on the device could be leaked to an attacker

Versions Affected
~~~~~~~~~~~~~~~~~
VSR's analysis revealed that the IOS 7.0, 7.1 SDKs are vulnerable, while earlier versions of IOS and the IOS SDK do not appear to be affected. This
Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
hope that it will help promote public safety. This advisory comes with absolutely NO WARRANTY; not even the implied warranty of merchantability or fitness for a particular purpose. Neither Virtual Security Research, LLC nor the author accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible disclosure practices: http://www.vsecurity.com/company/disclosure

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Copyright 2014 Virtual Security Research, LLC. All rights reserved.
APPLE-SA-2014-09-17-6 OS X Server 2.2.3
APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL queries
Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (saj...@securation.com) of CERT of Ferdowsi University of Mashhad

OS X Server 2.2.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
APPLE-SA-2014-09-17-5 OS X Server 3.2.1
APPLE-SA-2014-09-17-5 OS X Server 3.2.1

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: A remote attacker may be able to execute arbitrary SQL queries
Description: A SQL injection issue existed in Wiki Server. This issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (saj...@securation.com) of CERT of Ferdowsi University of Mashhad

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: Visiting a maliciously crafted website may lead to the execution of arbitrary JavaScript
Description: A cross-site scripting issue existed in Xcode Server. This issue was addressed through improved encoding of HTML output.
CVE-ID
CVE-2014-4406 : David Hoyt of Hoyt LLC

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution
Description: Multiple vulnerabilities existed in PostgreSQL. This issue was addressed by updating PostgreSQL to version 9.2.7.
CVE-ID
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066

OS X Server 3.2.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:

apache_mod_php
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vulnerabilities in PHP 5.4.24
Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30
CVE-ID
CVE-2013-7345
CVE-2014-0185
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049

Bluetooth
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4390 : Ian Beer of Google Project Zero

CoreGraphics
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure
Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

CoreGraphics
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program

Foundation
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: An application using NSXMLParser may be misused to disclose information
Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution
Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4393 : Apple

Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2014-4394 : Ian Beer of Google Project Zero
CVE-2014-4395 : Ian Beer of Google Project Zero
CVE-2014-4396 : Ian Beer of Google Project Zero
CVE-2014-4397 : Ian Beer of Google Project Zero
CVE-2014-4398 : Ian Beer of Google Project Zero
CVE-2014-4399 : Ian Beer of Google Project Zero
CVE-2014-4400 : Ian Beer of Google Project Zero
CVE-2014-4401 : Ian Beer of Google Project Zero
CVE-2014-4416 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments.
CVE-ID
CVE-2014-4376 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4402 : Ian Beer of Google Project Zero

IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero

IOKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the handling of certain metadata fields of I
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 Safari 6.2 and Safari 7.1 are now available and address the following: Safari Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: An attacker with a privileged network position may intercept user credentials Description: Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains. CVE-ID CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford University working with Eric Chen and Collin Jackson of Carnegie Mellon University WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-6663 : Atte Kettunen of OUSPG CVE-2014-4410 : Eric Seidel of Google CVE-2014-4411 : Google Chrome Security Team CVE-2014-4412 : Apple CVE-2014-4413 : Apple CVE-2014-4414 : Apple CVE-2014-4415 : Apple WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious website may be able to track users even when private browsing is enabled Description: A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode. CVE-ID CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Led.) Safari 7.1 and Safari 6.2 may be obtained from the Mac App Store. 
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
CVE ID Syntax Change - Deadline Approaching
As we approach the end of 2014, CVE identifiers are getting closer and closer to the magic CVE-2014- mark, which means that MITRE will be issuing a 5-digit CVE ID within a matter of months, in accordance with the new syntax that was selected in 2013 (basically using 5, 6, or even more digits as needed). Some people are still unaware that this change has happened or have been slow to implement it. Once a CVE identifier is issued using the new syntax, some security products and processes could break or report incorrect vulnerability identifiers, making vulnerability management more difficult. Consider a product that stops processing an XML document because its validation step assumes that CVE IDs have only 4 digits. Perhaps worse, consider a critical vulnerability in a popular product that is given a 5-digit CVE ID, which is inadvertently and silently truncated to a 4-digit ID for a low-priority issue in a rarely-used product. We know of at least 5 different products or services that have had problems. Custom, in-house software is not necessarily immune, either. MITRE has been assigning CVE IDs faster than ever; we're up to CVE-2014-6446 even though it's only September, which puts us on pace to exceed 9000 for 2014 by the end of the year - and the rate of assignment could increase in the coming months. Even if we don't reach 10,000 CVE-2014- identifiers by the end of 2014, MITRE will be issuing at least one 5-digit identifier no later than January 13, 2015, to ensure that all software is tested for support of the new syntax. To help people address this problem, we have created a web page about the ID syntax change, including the product features most likely to be affected, along with some test data. http://cve.mitre.org/cve/identifiers/syntaxchange.html For a list of the 19 early adopters who have stated that they are compliant with the new syntax, see: http://cve.mitre.org/cve/identifiers/compliant_organizations.html The clock is ticking! 
You can reach us at cve-id-cha...@mitre.org if you have any questions. Thank you, The MITRE CVE Team
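The two failure modes described in the message above, as an added example that is not part of the original post or of MITRE's test data: a legacy pattern that assumes four sequence digits silently truncates longer IDs, shown next to a pattern that accepts four or more. Apart from CVE-2014-6446, the sample IDs are constructed, and all function names are hypothetical.

```python
import re

# Legacy pattern: exactly four sequence digits and no end guard, so a longer
# ID is silently cut down to its first four digits.
LEGACY_CVE = re.compile(r"CVE-[0-9]{4}-[0-9]{4}")

# New syntax: four or more sequence digits. The guards stop a match from
# starting or ending in the middle of a longer token.
CVE_ID = re.compile(r"(?<![A-Za-z0-9-])CVE-([0-9]{4})-([0-9]{4,})(?![0-9])")

# Constructed sample feed; only CVE-2014-6446 appears in the message above.
SAMPLE = ("CVE-2014-6446 low; CVE-2014-12345 critical; "
          "CVE-2014-1234567 medium; CVE-2014-1234 low")

def extract_legacy(text):
    """IDs as a 4-digit-only consumer would report them."""
    return LEGACY_CVE.findall(text)

def extract(text):
    """IDs under the new syntax, in order of appearance."""
    return [m.group(0) for m in CVE_ID.finditer(text)]

def parse(cve_id):
    """Return (year, sequence) as integers, or raise ValueError."""
    m = CVE_ID.fullmatch(cve_id.strip())
    if m is None:
        raise ValueError(f"not a valid CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))

def truncation_report(text):
    """Map each ID the legacy pattern mangles to the wrong ID it yields."""
    report = {}
    for full in extract(text):
        legacy = LEGACY_CVE.match(full).group(0)
        if legacy != full:
            report[full] = legacy
    return report

def sort_ids(ids):
    """Sort numerically; plain string sorting misorders mixed-length IDs."""
    return sorted(ids, key=parse)

if __name__ == "__main__":
    for full, wrong in truncation_report(SAMPLE).items():
        print(f"{full} would be reported as {wrong}")
```

Running `truncation_report` over an existing feed or database export lists the IDs that a 4-digit-only consumer would attribute to the wrong vulnerability.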
[SECURITY] [DSA 3028-1] icedove security update
Debian Security Advisory DSA-3028-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 17, 2014 http://www.debian.org/security/faq Package: icedove CVE ID : CVE-2014-1562 CVE-2014-1567 Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. For the stable distribution (wheezy), these problems have been fixed in version 24.8.0-1~deb7u1. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your icedove packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org
[SECURITY] [DSA 3027-1] libav security update
Debian Security Advisory DSA-3027-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff September 17, 2014 http://www.debian.org/security/faq Package: libav CVE ID : CVE-2013-7020 Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. A full list of the changes is available at http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15 For the stable distribution (wheezy), this problem has been fixed in version 6:0.8.16-1. For the testing distribution (jessie), this problem has been fixed in version 6:11~alpha2-1. For the unstable distribution (sid), this problem has been fixed in version 6:11~alpha2-1. We recommend that you upgrade your libav packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-annou...@lists.debian.org