[Full-disclosure] [SECURITY] [DSA 2812-1] samba security update
Debian Security Advisory DSA-2812-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 09, 2013                      http://www.debian.org/security/faq

Package        : samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4408 CVE-2013-4475

Two security issues were found in Samba, a SMB/CIFS file, print, and login server:

CVE-2013-4408

    It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code.

CVE-2013-4475

    Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used.

For the oldstable distribution (squeeze), these problems have been fixed in version 3.5.6~dfsg-3squeeze11.

For the stable distribution (wheezy), these problems have been fixed in version 3.6.6-6+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Vulnerabilities in Apache Solr 4.6.0
Hello,

Apache Solr is a search platform edited by the Apache project. Quoting http://lucene.apache.org/solr/: its major features include powerful full-text search, hit highlighting, faceted search, near real-time indexing, dynamic clustering, database integration, rich document (e.g., Word, PDF) handling, and geospatial search.

Several vulnerabilities were fixed in recent versions of Solr:
- directory traversal when using XSLT or Velocity templates (CVE-2013-6397 / SOLR-4882)
- XXE in UpdateRequestHandler (CVE-2013-6407 / SOLR-3895)
- XXE in DocumentAnalysisRequestHandler (CVE-2013-6408 / SOLR-4881)

These vulnerabilities were confirmed to be exploitable also on old versions like 3.6.2. Gaining remote code execution is easy by combining the directory traversal and XXE vulnerabilities.

If you wonder how these vulnerabilities could be exploited in real life setups when Solr isn't reachable directly from the Internet, you may be interested in the following blog post:
http://www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html

Cheers,
Nicolas Grégoire
Re: [Full-disclosure] Vulnerabilities hiddenly fixed in WordPress 3.5 and 3.5.1
Pretty sure this is like the 50th time this year you send an email regarding a vulnerability without actually specifying the vulnerability, are you sure your client isn't cutting out parts of your messages?

2013/12/8 MustLive mustl...@websecurity.com.ua

Hello list!

Earlier I wrote about one vulnerability in WordPress, which was hiddenly fixed in version 3.5.2 (http://seclists.org/fulldisclosure/2013/Jul/70) and about nine vulnerabilities in versions 3.6 and 3.6.1 (http://seclists.org/fulldisclosure/2013/Nov/220). Here are new ones.

These are hiddenly fixed vulnerabilities in such versions of WordPress as 3.5 and 3.5.1. Developers of WP intentionally haven't written about them to decrease the official number of fixed holes. Which is typical for them - since 2007 they often hide fixed vulnerabilities.

As I wrote in July (http://websecurity.com.ua/6634/), there are multiple vulnerabilities in the Akismet plugin, which is bundled with the core of WordPress, so all holes in this plugin are directly related to WP. But developers typically fix holes in Akismet without mentioning them among those fixed in WP (in the official announcement), they didn't even mention in the announcement or Codex that the version of the plugin was updated. At that, they wrote about fixed holes in the plugin's changelog, but didn't write about the fixed holes which I informed them of in 2012 (and didn't fix all the holes).

So these vulnerabilities were hiddenly fixed in WP 3.5 and 3.5.1, only mentioned in the changelog (http://wordpress.org/plugins/akismet/changelog/).

WordPress 3.5.1:

In this version of WP the Akismet was updated from 2.5.6 to 2.5.7. In it a few Full path disclosure vulnerabilities were fixed and .htaccess was added to block direct access to the plugin's files (which can be used for protecting against FPD, XSS and Redirector vulnerabilities disclosed by me in 2012). Vulnerable are WordPress 3.5 and previous versions.

WordPress 3.5.2:

In this version of WP the Akismet was updated from 2.5.7 to 2.5.8. In it there are security improvements (they didn't specify the details). Vulnerable are WordPress 3.5.1 and previous versions.

Best wishes regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Re: [Full-disclosure] Open phones for privacy/anonymity applications, Guardian
GSM firmware is still not open-source though (as that would make phone not suitable for legal usage in USA)

I'd like to see a law link that says you cannot legally use your own open source GSM compliant stack to communicate over a GSM network.

Since the GSM f/w controls a radio, and thus the power, it may need a FCC certification. In which case you would need someone to finance the certification every time a new version of the Gnu firmware is released (FSF perhaps?).
[Full-disclosure] [SECURITY] [DSA 2813-1] gimp security update
Debian Security Advisory DSA-2813-1                   secur...@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 09, 2013                      http://www.debian.org/security/faq

Package        : gimp
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2013-1913 CVE-2013-1978

Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.

For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze4. This update also fixes CVE-2012-3403, CVE-2012-3481 and CVE-2012-5576.

For the stable distribution (wheezy), these problems have been fixed in version 2.8.2-2+deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your gimp packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [SECURITY] [DSA 2814-1] varnish security update
Debian Security Advisory DSA-2814-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 09, 2013                      http://www.debian.org/security/faq

Package        : varnish
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-4484
Debian Bug     : 728989

A denial of service vulnerability was reported in varnish, a state of the art, high-performance web accelerator. With some configurations of varnish a remote attacker could mount a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.3-8+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in version 3.0.2-2+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 3.0.5-1.

We recommend that you upgrade your varnish packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
[Full-disclosure] [SECURITY] [DSA 2815-1] munin security update
Debian Security Advisory DSA-2815-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
December 09, 2013                      http://www.debian.org/security/faq

Package        : munin
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6048 CVE-2013-6359

Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2013-6048

    The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master.

CVE-2013-6359

    A malicious node, with a plugin enabled using multigraph as a multigraph service name, can abort data collection for the entire node the plugin runs on.

For the stable distribution (wheezy), these problems have been fixed in version 2.0.6-4+deb7u2.

For the testing distribution (jessie), these problems have been fixed in version 2.0.18-1.

For the unstable distribution (sid), these problems have been fixed in version 2.0.18-1.

We recommend that you upgrade your munin packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org