Security
By Nathan Willis June 20, 2012
The Internet Corporation for Assigned Names and Numbers (ICANN) is
committed to launching a slew of new generic top level domains (gTLDs;
i.e., those that are not country-code TLDs), and the first assortment of
proposals has been published. ICANN's process has attracted no shortage
of criticism, but there are also concerns over how the availability of
hundreds of unrestricted TLDs will impact security.
In 2000, ICANN approved the first new gTLDs since the dawn of the
DNS system in the 1980's. That set of seven domains (.aero, .biz,
.coop, .info, .museum, .name, and .pro) was selected by ICANN's board
out of roughly 40 applications, in one of its first official acts.
ICANN policy dictates that the "sponsored" gTLDs — .aero, .coop,
and .museum — be used only by particular industries or groups,
and that the "restricted" gTLDs — .biz, .name, and .pro —
be used only for specific purposes. Those requirements sound similar,
with the main difference being that sponsored gTLDs are proposed by
and subsequently managed by private entities. Eight more gTLDs were
approved in 2003: .asia, .cat, .jobs, .mobi, .tel, .travel, .post,
and .xxx, all of which are sponsored.
The current round of new gTLD selection is supposed to usher in
unlimited numbers of new domains. The application period started on
January 12 and ended on April 12, during which time ICANN took in
1,930 applications from 1,268 separate applicants. ICANN charged a
$185,000 application fee for each domain, with the understanding that
a $25,000 annual fee would accompany any domain eventually approved.
ICANN published a one-page overview [PDF] of the applications, noting
that there were 230 domains that had more than one applicant vying for
control.
The list
reads much like you would expect; there are plenty of companies
seeking control of the .app, .secure, and .web gTLDs, many more out to
create a brand-specific gTLD (such as .google and .bmw), and a few
community- or geographically-oriented applications (such as .africa,
.catholic, or .ieee). Up next comes the objection
and dispute resolution process, which is tentatively slated to
last seven months. Each objection to a gTLD application must meet one
of ICANN's four grounds for objection (which are listed on the page),
be brought by someone who meets the "standing" criteria, and include
the appropriate fee (which varies depending on the objection). Those
without deep pockets can also leave
a comment at no charge, although comments that do not meet the
formal objection grounds will not be forwarded to the evaluation
panels.
Disputes between multiple organizations after the same domain will be
handled by an ICANN review committee. If a consensus cannot be
reached, the disputed domain will be auctioned off. The review
process divides the entire set of applications into batches, with the
first batch scheduled to land on reviewers' desks in July. ICANN has
devised a mechanism
for sorting applications into batches that is, shall we say, novel.
Each applicant logs in to the ICANN site and competes to click on a
timestamp-generating button; the applicants that come closest to
hitting the target time are in batch one. Applicants (although
perhaps "players" is more descriptive) get to select their own target
time, and are allowed to practice before generating their timestamp
for real.
Divide and conquer
The timestamp-generating process (which ICANN itself refers
to as "digital archery") has attracted plenty of
criticism and even mockery. But there are more substantial objections to
the batching process, too. Rohan Pearce at Computerworld quotes
one domain registrar as saying that applicants in later batches could
find themselves waiting a number of years before their applications
reach the examination stage.
The size of the fees associated with the process has also generated
criticism. There is not much data with which to impartially
compare ICANN's fee structure — apart from the fact that
$185,000 is a substantial hike from 2000 and 2003's $50,000 sticker
price. ICANN contends that running a gTLD is an expensive process not
to be undertaken casually, so the fees are meant in part to discourage
throngs of cybersquatters or mischief-makers from bogging down the
process. NPR says
that many see the high stakes as a "land grab" unfairly blocking
out non-profit and community groups in favor of well-heeled
businesses. It also notes that domain speculators shelled out a lot
of capital for gTLDs of common words, including one company that filed
307 separate applications. The National
Association of Advertisers even started a public petition to
protest the policy, arguing that it forces business to spend money
defensively acquiring domain names just to protect their brands.
Finally, there have long been critics who contend that ICANN and its
processes are too US-centric. SiliconValley.com reports
that China, Russia, and Brazil have lobbied to have ICANN's functions
transferred to the United Nations or another international body. 911
of the 1,930 gTLD applications came from North America, which is not a
majority, but may be enough to bolster such complaints.
Security implications
A radically expanded set of valid gTLDs may also impact security. For
starters, with 2,000 TLDs in the wild, it will be more difficult for
legitimate businesses to police all of the possible variations on
their name and product brand — or expensive to register them
all. That will make it easier for phishing attackers to slip a
phony site past users' eyes. For example, in the heat of the moment, are you
sure that your bank's actual URL was MyBank.finance
and not MyBank.financial, or that you typed
zork.games instead of zork.game? ICANN received
applications for all four of those gTLDs.
It is also possible that the massive influx of new top-level
registrars will make it more likely for a nefarious player of some
sort to get into the gTLD game. A phisher running a domain registrar
is a little far-fetched, but there are other possibilities. Some have
suggested that the expansion plan will overload the root DNS zone, and
that it would be better to partition the root. China has proposed
a plan to the IETF that implements multiple autonomous roots. Under
the plan, China would control its own country code TLD (.cn) and other
national domain names, but still call out to peer DNS networks to
resolve other domain names. Computerworld quotes
Patrik Wallström of OpenDNSSEC as saying that the
proposal instead amounts to "a way to severely segment the
Internet," and notes China's reputation for blocking access to
Internet content.
Then again, ICANN has had its own in-house security problems plague
the gTLD process. It accidentally posted
the mailing addresses and other personal information of applicants on
the public web site (information which was supposed to remain
confidential). That leak followed May's incident, in which the
organization had to shut down the gTLD application system because it
inadvertently exposed
personal information to other applicants.
Whatever the long-term impact is on security, one can rest assured
that increasing the number of TLDs by a factor of 100 will cause
considerable extra work for administrators and developers, on every
task from email address verification to traffic analysis. The fifteen
new gTLDs ICANN has already introduced still account for only a
fraction of the registrations in the original TLDs, and while none of
the newly-proposed TLDs are likely to unseat .com either,
rewriting the rules of what constitutes a valid domain will have
far-reaching impacts.
Comments (21 posted)
Brief items
Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
-- Cormac Herley [PDF] in Why do Nigerian Scammers Say They are from Nigeria?
From the tone of the hearing, and the language of the House resolution, we are being asked to believe that "the position of the United States Government has been and is to advocate for the flow of information free from government control."
If only it were true. The reality is that Congress increasingly has its paws all over the Internet. Lawmakers and regulators are busier than ever trying to expand the horizons of cyber-control across the board: copyright mandates, cybersecurity rules, privacy regulations, speech controls, and much more.
-- Jerry Brito and Adam Thierer
This seems to be a result of a fundamental misunderstanding of the economic incentives involved here, combined with a magical thinking that a market solution solves all. In airport screening, the passenger isn't the customer. (Technically he is, but only indirectly.) The airline isn't even the customer. The customer is the U.S. government, who is in the grip of an irrational fear of terrorism.
It doesn't matter if an airport screener receives a paycheck signed by the Department of the Treasury or Private Airport Screening Services, Inc. As long as a terrorized government -- one that needs to be seen by voters as "tough on terror," wants to stop every terrorist attack regardless of the cost, and is willing to sacrifice all for the illusion of security -- gets to set the security standards, we're going to get TSA-style security.
-- Bruce Schneier on a TSA privatization bill
Comments (none posted)
New vulnerabilities
389-ds-base: denial of service
Package(s): 389-ds-base
CVE #(s): CVE-2012-0833
Created: June 20, 2012
Updated: July 10, 2012
Description:
From the Red Hat advisory:
A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time.
Comments (none posted)
389-ds-base: plain text password disclosure
Package(s): 389-ds-base
CVE #(s): CVE-2012-2678, CVE-2012-2746
Created: June 20, 2012
Updated: July 11, 2012
Description:
From the Red Hat advisory:
A flaw was found in the way 389 Directory Server handled password changes.
If an LDAP user has changed their password, and the directory server has
not been restarted since that change, an attacker able to bind to the
directory server could obtain the plain text version of that user's
password via the "unhashed#user#password" attribute. (CVE-2012-2678)
It was found that when the password for an LDAP user was changed, and audit
logging was enabled (it is disabled by default), the new password was
written to the audit log in plain text form. This update introduces a new
configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which
when set to "on" (the default option), prevents 389 Directory Server from
writing plain text passwords to the audit log. This option can be
configured in "/etc/dirsrv/slapd-[ID]/dse.ldif". (CVE-2012-2746)
Comments (none posted)
abrt: information leak
Package(s): abrt, libreport, btparser, python-meh
CVE #(s): CVE-2012-1106
Created: June 20, 2012
Updated: December 12, 2012
Description:
From the Red Hat advisory:
If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package
installed and the abrt-ccpp service running), and the sysctl
fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps
of set user ID (setuid) programs were created with insecure group ID
permissions. This could allow local, unprivileged users to obtain sensitive
information from the core dump files of setuid processes they would
otherwise not be able to access.
Comments (none posted)
apt: man-in-the-middle attack
Package(s): apt
CVE #(s): CVE-2012-0954
Created: June 18, 2012
Updated: June 20, 2012
Description:
From the Ubuntu advisory:
Georgi Guninski discovered that APT did not properly validate imported
keyrings via apt-key net-update. USN-1475-1 added additional verification
for imported keyrings, but it was insufficient. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could potentially be
used to install altered packages. This update corrects the issue by
disabling the net-update option completely. A future update will re-enable
the option with corrected verification.
Comments (none posted)
clamav: multiple vulnerabilities
Package(s): clamav
CVE #(s): CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Created: June 18, 2012
Updated: August 17, 2012
Description:
From the Mandriva advisory:
The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass
malware detection via a TAR archive entry with a length field that
exceeds the total TAR file size. NOTE: this may later be SPLIT into
multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations
(CVE-2012-1457).
The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers
to bypass malware detection via a crafted reset interval in the LZXC
header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs
if additional information is published showing that the error occurred
independently in different CHM parser implementations (CVE-2012-1458).
The TAR file parser in ClamAV 0.96.4 allows remote attackers to
bypass malware detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of the
next entry. NOTE: this may later be SPLIT into multiple CVEs if
additional information is published showing that the error occurred
independently in different TAR parser implementations (CVE-2012-1459).
Comments (none posted)
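The two TAR cases above are parser-differential bugs: a scanner that trusts the size field either walks past the end of the archive or lands inside the next entry's data instead of on its header, and silently skips what an extractor would still unpack. As an added example (not ClamAV's code), the walker below checks each size field against the bytes actually present and insists that the block it lands on is a valid ustar header; the sample archive is constructed with the tarfile module and then deliberately malformed in the two shapes the advisory describes.

```python
import io
import tarfile

BLOCK = 512


def _octal(field: bytes) -> int:
    """Decode a NUL/space-terminated octal header field; -1 if garbage."""
    s = field.split(b"\0", 1)[0].strip()
    try:
        return int(s, 8) if s else 0
    except ValueError:
        return -1


def _checksum(header: bytes) -> int:
    """ustar checksum: byte sum with the chksum field read as 8 spaces."""
    return sum(header[:148]) + 8 * 32 + sum(header[156:])


def audit_tar(data: bytes):
    """Walk the headers the way a scanner must: every size field is checked
    against the bytes actually present, and the block the size points at
    must itself be a valid header. Returns (entries, findings)."""
    entries, findings = [], []
    off = 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:            # end-of-archive marker
            break
        if _checksum(hdr) != _octal(hdr[148:156]):
            findings.append((off, "block is not a valid header: previous "
                                  "size field desynchronised the walk"))
            break
        name = hdr[:100].split(b"\0", 1)[0].decode("latin-1")
        size = _octal(hdr[124:136])
        if size < 0 or off + BLOCK + size > len(data):
            findings.append((off, "size field %d for %r exceeds the "
                                  "remaining archive bytes" % (size, name)))
            break
        entries.append((name, size))
        off += BLOCK + -(-size // BLOCK) * BLOCK   # data rounded up to blocks
    return entries, findings


def build_sample() -> bytes:
    """Constructed two-file ustar archive: a.txt (10 bytes), b.txt (20)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, payload in (("a.txt", b"hello tar\n"),
                              ("b.txt", b"second file contents")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def malform_size(archive: bytes, header_off: int, new_size: int) -> bytes:
    """Rewrite one entry's size field (and the checksum that covers it) to
    reproduce the malformed header shapes the ClamAV entry describes."""
    buf = bytearray(archive)
    buf[header_off + 124:header_off + 136] = b"%011o\0" % new_size
    chk = _checksum(bytes(buf[header_off:header_off + BLOCK]))
    buf[header_off + 148:header_off + 156] = b"%06o\0 " % chk
    return bytes(buf)


if __name__ == "__main__":
    clean = build_sample()
    print("clean:", audit_tar(clean))
    # CVE-2012-1457 shape: size larger than the whole archive.
    print("overrun:", audit_tar(malform_size(clean, 0, 40000)))
    # CVE-2012-1459 shape: size covers a.txt plus part of b.txt's header,
    # so the walk lands inside b.txt's data instead of on a header.
    print("overlap:", audit_tar(malform_size(clean, 0, 10 + 512 + 100)))
```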
ffmpeg: multiple vulnerabilities
Package(s): ffmpeg
CVE #(s): CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852
Created: June 15, 2012
Updated: August 7, 2012
Description:
From the Debian advisory:
It was discovered that ffmpeg, Debian's version of the libav media
codec suite, contains vulnerabilities in the DPCM codecs
(CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the
KMVC decoder (CVE-2011-3952).
Comments (none posted)
java: multiple unspecified vulnerabilities
Package(s): java-1.7.0-oracle
CVE #(s): CVE-2012-0551, CVE-2012-1721, CVE-2012-1722, CVE-2012-1726
Created: June 20, 2012
Updated: September 28, 2012
Description:
From the CVE entries:
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. (CVE-2012-0551)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722. (CVE-2012-1721)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721. (CVE-2012-1722)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. (CVE-2012-1726)
Comments (2 posted)
kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2012-2137, CVE-2012-2373
Created: June 19, 2012
Updated: October 12, 2012
Description:
From the Red Hat advisory:
A buffer overflow flaw was found in the setup_routing_entry() function in
the KVM subsystem of the Linux kernel in the way the Message Signaled
Interrupts (MSI) routing entry was handled. A local, unprivileged user
could use this flaw to cause a denial of service or, possibly, escalate
their privileges. (CVE-2012-2137)
A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on
32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2012-2373)
Comments (none posted)
krb5: denial of service
Package(s): krb5
CVE #(s): CVE-2012-1013
Created: June 14, 2012
Updated: August 1, 2012
Description:
From the Kerberos release notes:
Fix a kadmind denial of service issue (null pointer dereference),
which could only be triggered by an administrator with the "create"
privilege. [CVE-2012-1013]
Comments (none posted)
libav: multiple vulnerabilities
Package(s): libav
CVE #(s): CVE-2011-3945, CVE-2011-4031, CVE-2012-0848, CVE-2012-0850, CVE-2012-0858, CVE-2012-0859
Created: June 18, 2012
Updated: February 18, 2013
Description:
From the Ubuntu advisory:
Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed Kega Game Video (KGV1) files. If a user were
tricked into opening a crafted Kega Game Video (KGV1) file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945)
Jeong Wook Oh discovered that Libav incorrectly handled certain malformed
ASF files. If a user were tricked into opening a crafted ASF file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.10. (CVE-2011-4031)
It was discovered that Libav incorrectly handled certain malformed
Westwood SNDx files. If a user were tricked into opening a crafted Westwood
SNDx file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2012-0848)
Diana Elena Muscalu discovered that Libav incorrectly handled certain
malformed AAC files. If a user were tricked into opening a crafted AAC
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0850)
It was discovered that Libav incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0858)
It was discovered that Libav incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0859)
Comments (none posted)
libguestfs: unintended file access
Package(s): libguestfs
CVE #(s): CVE-2012-2690
Created: June 20, 2012
Updated: July 10, 2012
Description:
From the Red Hat advisory:
It was found that editing files with virt-edit left said files in a
world-readable state (and did not preserve the file owner or
Security-Enhanced Linux context). If an administrator on the host used
virt-edit to edit a file inside a guest, the file would be left with
world-readable permissions. This could lead to unprivileged guest users
accessing files they would otherwise be unable to.
Comments (none posted)
libvirt: unintended access to USB devices
Package(s): libvirt
CVE #(s): CVE-2012-2693
Created: June 20, 2012
Updated: January 17, 2013
Description:
From the Red Hat advisory:
Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could result
in the wrong device being attached to a guest, giving that guest root
access to the device.
Comments (none posted)
mysql: temporary denial of service
Package(s): mysql
CVE #(s): CVE-2012-2102
Created: June 20, 2012
Updated: July 10, 2012
Description:
From the Red Hat advisory:
A flaw was found in the way MySQL processed HANDLER READ NEXT statements
after deleting a record. A remote, authenticated attacker could use this
flaw to provide such requests, causing mysqld to crash. This issue only
caused a temporary denial of service, as mysqld was automatically restarted
after the crash.
Comments (none posted)
nss: multiple vulnerabilities
Package(s): nss, nss-util, nspr
CVE #(s): (none listed)
Created: June 20, 2012
Updated: July 11, 2012
Description:
Red Hat has updated the nss, nss-util, and nspr packages to fix one security issue and several bugs, and to add various enhancements.
Comments (none posted)
openconnect: denial of service
Package(s): openconnect
CVE #(s): CVE-2012-3291
Created: June 18, 2012
Updated: July 10, 2012
Description:
From the Debian advisory:
A buffer overflow was discovered in OpenConnect, a client for the Cisco
AnyConnect VPN, which could result in denial of service.
Comments (none posted)
openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2012-1164
Created: June 20, 2012
Updated: August 13, 2012
Description:
From the Red Hat advisory:
A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) processed certain search queries requesting only attributes and no
values. In certain configurations, a remote attacker could issue a
specially-crafted LDAP search query that, when processed by slapd, would
cause slapd to crash due to an assertion failure.
Comments (none posted)
openssh: denial of service
Package(s): openssh
CVE #(s): CVE-2011-5000
Created: June 20, 2012
Updated: July 11, 2012
Description:
From the Red Hat advisory:
A denial of service flaw was found in the OpenSSH GSSAPI authentication
implementation. A remote, authenticated user could use this flaw to make
the OpenSSH server daemon (sshd) use an excessive amount of memory, leading
to a denial of service. GSSAPI authentication is enabled by default
("GSSAPIAuthentication yes" in "/etc/ssh/sshd_config").
Comments (none posted)
opera: multiple vulnerabilities
Comments (none posted)
oracle-update: man-in-the-middle attack
Package(s): oracle-update
CVE #(s): CVE-2012-1675
Created: June 20, 2012
Updated: June 20, 2012
Description:
From the CVE entry:
The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison."
Comments (none posted)
php-symfony-symfony: session fixation flaw
Package(s): php-symfony-symfony
CVE #(s): CVE-2012-2667
Created: June 15, 2012
Updated: June 20, 2012
Description:
From the Fedora advisory:
Bug #828079 - CVE-2012-2667 php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=828079
Comments (none posted)
python: cross-site scripting
Package(s): python
CVE #(s): CVE-2011-4940
Created: June 18, 2012
Updated: October 18, 2012
Description:
From the Red Hat advisory:
A flaw was found in the way the Python SimpleHTTPServer module generated
directory listings. An attacker able to upload a file with a
specially-crafted name to a server could possibly perform a cross-site
scripting (XSS) attack against victims visiting a listing page generated by
SimpleHTTPServer, for a directory containing the crafted file (if the
victims were using certain web browsers).
Comments (none posted)
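The flaw class in the SimpleHTTPServer entry is output encoding: a file name that the uploader controls is written into the listing page unchanged, so it is interpreted as markup. As an added example (not the module's own code, which Python 3 has since fixed), a listing generator in the vulnerable shape is shown beside one that encodes for each context, with a small check for names that survive unencoded; the directory contents are constructed.

```python
import html
from urllib.parse import quote

# Constructed directory contents, including names of the crafted kind the
# advisory describes (an uploader controls them).
SAMPLE_NAMES = [
    "README.txt",
    "notes.md",
    "<script>alert(1)</script>.txt",
    'a"onmouseover="alert(2)',
]


def listing_vulnerable(names):
    """Listing built by string substitution: the raw name is dropped into
    both the href (URL context) and the link text (HTML context)."""
    rows = ['<li><a href="%s">%s</a></li>' % (n, n) for n in names]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def listing_hardened(names):
    """Same listing with per-context encoding: percent-encoding for the
    href, HTML entity escaping (quotes included) for the text node."""
    rows = ['<li><a href="%s">%s</a></li>'
            % (quote(n, safe=""), html.escape(n, quote=True)) for n in names]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def leaks_markup(page: str, names) -> list:
    """Names that contain HTML-significant characters and still appear in
    the page byte-for-byte; a quick check to run over a rendered listing."""
    return [n for n in names if any(c in n for c in '<>"') and n in page]


if __name__ == "__main__":
    vuln = listing_vulnerable(SAMPLE_NAMES)
    hard = listing_hardened(SAMPLE_NAMES)
    print(vuln)
    print(hard)
    print("unencoded in vulnerable listing:", leaks_markup(vuln, SAMPLE_NAMES))
    print("unencoded in hardened listing:", leaks_markup(hard, SAMPLE_NAMES))
```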
qt: multiple vulnerabilities
Package(s): qt
CVE #(s): CVE-2010-5076, CVE-2011-3922
Created: June 20, 2012
Updated: July 10, 2012
Description:
From the Red Hat advisory:
A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against Qt,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3922)
A flaw was found in the way Qt handled X.509 certificates with IP address
wildcards. An attacker able to obtain a certificate with a Common Name
containing an IP wildcard could possibly use this flaw to impersonate an
SSL server to client applications that are using Qt. This update also
introduces more strict handling for hostname wildcard certificates by
disallowing the wildcard character to match more than one hostname
component. (CVE-2010-5076)
Comments (none posted)
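The certificate-matching rules the Qt entry describes, as an added example rather than Qt's code: an IP address is matched literally or not at all, and a wildcard stands for exactly one hostname label, so `*.example.com` no longer covers `a.b.example.com`. Restricting the wildcard to the leftmost label is an added, commonly applied rule that the advisory itself does not mention.

```python
import ipaddress


def _is_ip_literal(s: str) -> bool:
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name (CN or SAN) against the requested host.
    Wildcards never match IP addresses and cover exactly one label; the
    leftmost-label-only restriction is an assumption beyond the advisory."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    # IP addresses are matched literally or not at all; a pattern that is an
    # IP address with a wildcard in one octet is rejected outright.
    if _is_ip_literal(host) or _is_ip_literal(pattern.replace("*", "1")):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    # One wildcard covers one label, so the label counts must agree; this is
    # the check that stops *.example.com from matching a.b.example.com.
    if len(p_labels) != len(h_labels):
        return False
    if any("*" in lab for lab in p_labels[1:]) or p_labels[0].count("*") != 1:
        return False
    prefix, suffix = p_labels[0].split("*")
    first = h_labels[0]
    if len(first) < len(prefix) + len(suffix):
        return False
    if not (first.startswith(prefix) and first.endswith(suffix)):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cn: str, sans: list, host: str) -> bool:
    """Accept if any DNS name the certificate carries matches the host."""
    return any(name_matches(n, host) for n in [cn, *sans])


if __name__ == "__main__":
    for pat, host in (("*.example.com", "www.example.com"),
                      ("*.example.com", "a.b.example.com"),
                      ("*.168.0.1", "10.168.0.1"),
                      ("10.0.0.1", "10.0.0.1")):
        print(pat, host, name_matches(pat, host))
```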
quagga: denial of service
Package(s): quagga
CVE #(s): CVE-2012-1820
Created: June 19, 2012
Updated: April 10, 2013
Description:
From the Red Hat bugzilla:
A denial of service flaw was found in the way Quagga's bgpd daemon processed certain OPEN messages. A configured Border Gateway Protocol (BGP) peer could send a BGP OPEN message with specially-crafted value of the Outbound Route Filtering (ORF) capability Type/Length/Value (TLV) triplet, which would cause the master BGP daemon (bgpd) to abort with an assertion failure by processing of such a message. Also, all BGP sessions established by the attacked router would be closed and its BGP routing disrupted.
Comments (none posted)
rubygem-actionpack: Unsafe query generation
Comments (none posted)
rubygem-activerecord: SQL injection
Comments (none posted)
sblim-cim-client2: predictable hash collisions
Package(s): sblim-cim-client2
CVE #(s): CVE-2012-2328
Created: June 20, 2012
Updated: January 23, 2013
Description:
From the Red Hat advisory:
It was found that the Java HashMap implementation was susceptible to
predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A
specially-crafted CIM-XML message from a WBEM (Web-Based Enterprise
Management) server could cause a SBLIM client to use an excessive amount of
CPU. Randomization has been added to help avoid collisions.
Comments (none posted)
sos: privilege escalation
Package(s): sos
CVE #(s): CVE-2012-2664
Created: June 20, 2012
Updated: July 11, 2012
Description:
From the Red Hat advisory:
The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg"), but did not remove the root user's password from
it before adding the file to the resulting archive of debugging
information. An attacker able to access the archive could possibly use this
flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually
only contains a hash of the password, not the plain text password.
Comments (none posted)
Page editor: Jake Edge