[Full-disclosure] [SECURITY] [DSA 2795-1] lighttpd security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2795-1                   secur...@debian.org
http://www.debian.org/security/                           Michael Gilbert
November 13, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : lighttpd
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4508 CVE-2013-4559 CVE-2013-4560
Debian Bug     : 729453

Several vulnerabilities have been discovered in the lighttpd web server.

CVE-2013-4508

    It was discovered that lighttpd uses weak ssl ciphers when SNI (Server
    Name Indication) is enabled. This issue was solved by ensuring that
    stronger ssl ciphers are used when SNI is selected.

CVE-2013-4559

    The clang static analyzer was used to discover privilege escalation
    issues due to missing checks around lighttpd's setuid, setgid, and
    setgroups calls. Those are now appropriately checked.

CVE-2013-4560

    The clang static analyzer was used to discover a use-after-free issue
    when the FAM stat cache engine is enabled, which is now fixed.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1.4.28-2+squeeze1.4.

For the stable distribution (wheezy), these problems have been fixed in
version 1.4.31-4+deb7u1.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version lighttpd_1.4.33-1+nmu1.

We recommend that you upgrade your lighttpd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
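
Added example, not part of the advisory and not lighttpd's code: a privilege drop of the kind CVE-2013-4559 concerns, with every setgroups/setgid/setuid result checked and the final state verified. The helper name drop_privileges, its refusal of id 0 and the sample id 65534 are assumptions of this example.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Bug class from the advisory: results ignored, so a failed call leaves
 * the daemon running with root's uid, gid or supplementary groups:
 *     setgroups(0, NULL); setgid(gid); setuid(uid);
 */

/* Hypothetical helper: permanently switch to uid/gid. Returns 0, or -1
 * with errno set; on -1 the caller must exit rather than keep serving. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {    /* example policy: root is not a drop target */
        errno = EINVAL;
        return -1;
    }
    /* Groups and gid first: after setuid() we could no longer change them. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the resulting identity instead of trusting the calls. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    if (setuid(0) == 0) {          /* regaining root must be impossible */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is a constructed sample id (often "nobody"). */
    if (drop_privileges(65534, 65534) != 0) {
        perror("drop_privileges");
        return 1;                  /* refuse to run with unknown privileges */
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```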
Re: [Full-disclosure] Windows Local DOS on Win32 Handle Validation
Links to PoC source and binaries will be posted shortly here and on my twitter @sixtyvividtails.

Source: http://pastebin.com/we0ZSQC0
Compiled binary: https://mega.co.nz/#!81knHAKa!ZPFdgSesnbj6QshWbdw5ujlMqyN7cDwxrE41Pmz08P4

--
sixtyvividta...@yandex.com
[Full-disclosure] ColdFusion and Adobe Flash Player Security Updates
Adobe has released security updates for ColdFusion and Adobe Flash Player.

Check this: http://www.itsecuritycenter.com/coldfusion-adobe-flash-player-security-updates.html

Thanks,
Alrashid
[Full-disclosure] [SECURITY] [DSA 2796-1] torque security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2796-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
November 13, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : torque
Vulnerability  : arbitrary code execution
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4495
Debian Bug     : 729333

Matt Ezell from Oak Ridge National Labs reported a vulnerability in
torque, a PBS-derived batch processing queueing system.

A user could submit executable shell commands on the tail of what is
passed with the -M switch for qsub. This was later passed to a pipe,
making it possible for these commands to be executed as root on the
pbs_server.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.4.8+dfsg-9squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.4.16+dfsg-1+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.4.16+dfsg-1.3.

We recommend that you upgrade your torque packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [Security-news] SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass
View online: https://drupal.org/node/2135267

  * Advisory ID: DRUPAL-SA-CONTRIB-2013-091
  * Project: Groups, Communities and Co (GCC) [1] (third-party module)
  * Version: 7.x
  * Date: 2013-November-13
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Access bypass

DESCRIPTION

This module enables you to manage groups and assign content and users to
groups.

The module doesn't sufficiently check permissions to some of the
configuration pages allowing unprivileged users to access the roles and
permissions pages of the GCC module.

CVE IDENTIFIER(S) ISSUED

  * /A CVE identifier [3] will be requested, and added upon issuance, in
    accordance with Drupal Security Team processes./

VERSIONS AFFECTED

  * GCC 7.x-1.x versions prior to 7.x-1.1.

Drupal core is not affected. If you do not use the contributed Groups,
Communities and Co (GCC) [4] module, there is nothing you need to do.

SOLUTION

Install the latest version:

  * If you use the GCC module for Drupal 7.x, upgrade to GCC 7.x-1.1. [5]

Also see the Groups, Communities and Co (GCC) [6] project page.

REPORTED BY

  * Jean Jacques Ancel [7]

FIXED BY

  * Edouard Fajnzilberg [8] the module maintainer

COORDINATED BY

  * Greg Knaddison [9] of the Drupal Security Team

CONTACT AND MORE INFORMATION

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].

Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].

[1] http://drupal.org/project/gcc
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/gcc
[5] https://drupal.org/node/2132747
[6] http://drupal.org/project/gcc
[7] https://drupal.org/user/361997
[8] https://drupal.org/user/815280
[9] http://drupal.org/user/36762
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration

___
Security-news mailing list
security-n...@drupal.org
Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news
[Full-disclosure] [Security-news] SA-CONTRIB-2013-090 - Revisioning - Access Bypass
View online: https://drupal.org/node/2135257

  * Advisory ID: DRUPAL-SA-CONTRIB-2013-090
  * Project: Revisioning [1] (third-party module)
  * Version: 7.x
  * Date: 2013-November-13
  * Security risk: Moderately critical [2]
  * Exploitable from: Remote
  * Vulnerability: Access bypass

DESCRIPTION

This module enables you to create content publication workflows whereby one
version of the content is live (publicly visible), while another is being
edited and moderated privately until found fit for publication.

The module doesn't sufficiently apply node access permissions when used in
combination with BOTH the Scheduler module AND a module that modifies the
node access permissions table. As a result it is possible that content that
was Scheduled to be unpublished can still be viewed by authenticated users
who, based on the node access table, should no longer have permission to view
this content.

This vulnerability is mitigated by the fact that this only occurs for
Authenticated users for Scheduled content on Drupal sites with the
combination of all three modules: Revisioning, Scheduler and a module that
modifies the node access table conditional on the publication status of the
content. In this report this was the Organic Groups Moderation module.

CVE IDENTIFIER(S) ISSUED

  * /A CVE identifier [3] will be requested, and added upon issuance, in
    accordance with Drupal Security Team processes./

VERSIONS AFFECTED

  * Revisioning 7.x-1.x versions prior to 7.x-1.6

Drupal core is not affected. If you do not use the contributed Revisioning
[4] module, there is nothing you need to do.

SOLUTION

Install the latest version:

  * If you use the Revisioning module, version 7.x-1.5 or older, upgrade to
    Revisioning 7.x-1.6 [5]

Also see the Revisioning [6] project page.

REPORTED BY

  * Pete Gillis [7]

FIXED BY

  * Rik de Boer [8], the module maintainer, with assistance from Pete Gillis
    [9]

COORDINATED BY

  * Greg Knaddison [10] of the Drupal Security Team

CONTACT AND MORE INFORMATION

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].

Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].

[1] http://drupal.org/project/revisioning
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/revisioning
[5] https://drupal.org/node/2133555
[6] http://drupal.org/project/revisioning
[7] http://drupal.org/user/373976
[8] http://drupal.org/user/404007
[9] http://drupal.org/user/373976
[10] http://drupal.org/user/36762
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
[Full-disclosure] [Security-news] SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability.
View online: https://drupal.org/node/2135273

  * Advisory ID: DRUPAL-SA-CONTRIB-2013-092
  * Project: Misery [1] (third-party module)
  * Version: 6.x, 7.x
  * Date: 2013-November-13
  * Security risk: Not critical [2]
  * Exploitable from: Remote
  * Vulnerability: Multiple vulnerabilities

DESCRIPTION

This module enables you to make life difficult for certain users, such as
trolls, as an alternative to banning or deleting them from a community. The
module provides means by which to punish members of your website. The aim of
misery is to be not traceable by users on the misery list, so misery actions
should be sufficiently subtle so as to avoid suspicion.

The module doesn't sufficiently warn about issues that can arise if high
values are set on the delay misery configuration, which is active by default.
Users who are made to suffer delay misery can make multiple requests to the
site and consume all the web serving processes, causing a denial of service.

This vulnerability is mitigated by the fact that an administrator can change
these configuration values on a per user basis within the interface. The
option can also be turned off.

CVE IDENTIFIER(S) ISSUED

  * /A CVE identifier [3] will be requested, and added upon issuance, in
    accordance with Drupal Security Team processes./

VERSIONS AFFECTED

  * Misery 6.x-2.x versions prior to 6.x-2.5.
  * Misery 7.x-2.x versions prior to 7.x-2.2.

Drupal core is not affected. If you do not use the contributed Misery [4]
module, there is nothing you need to do.

SOLUTION

Install the latest version:

  * If you use the Misery module for Drupal 6.x, upgrade to Misery 6.x-2.5
    [5]
  * If you use the Misery module for Drupal 7.x, upgrade to Misery 7.x-2.2
    [6]

And check your misery delay configuration.

Also see the Misery [7] project page.

REPORTED BY

  * David Norman [8]

FIXED BY

  * Jorge Tutor [9] the module maintainer

COORDINATED BY

  * Greg Knaddison [10] of the Drupal Security Team
  * Laurence Liss [11] provisional member of the Drupal Security Team

CONTACT AND MORE INFORMATION

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].

Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].

[1] http://drupal.org/project/misery
[2] http://drupal.org/security-team/risk-levels
[3] http://cve.mitre.org/
[4] http://drupal.org/project/misery
[5] https://drupal.org/node/2134409
[6] https://drupal.org/node/2134413
[7] http://drupal.org/project/misery
[8] http://drupal.org/user/972
[9] http://drupal.org/user/600158
[10] http://drupal.org/user/36762
[11] http://drupal.org/user/724750
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration
[Full-disclosure] [SECURITY] [DSA 2797-1] icedove security update
-------------------------------------------------------------------------
Debian Security Advisory DSA-2797-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 13, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : icedove
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-5590 CVE-2013-5595 CVE-2013-5597 CVE-2013-5599
                 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5604

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client. Multiple memory safety
errors, and other implementation errors may lead to the execution of
arbitrary code.

The Icedove version in the oldstable distribution (squeeze) is no longer
supported with full security updates. However, it should be noted that
almost all security issues in Icedove stem from the included browser engine.
These security problems only affect Icedove if scripting and HTML mails
are enabled. If there are security issues specific to Icedove (e.g. a
hypothetical buffer overflow in the IMAP implementation) we'll make an
effort to backport such fixes to oldstable.

For the stable distribution (wheezy), these problems have been fixed in
version 17.0.10-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 17.0.10-1.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org