
Security

SSL flaws revealed at Black Hat

By Jake Edge
August 5, 2009

The annual Black Hat security conference in Las Vegas is probably the premier security event each year—at least for the disclosure of new vulnerabilities. The event usually has one or more high-profile disclosures that often lead to software vendors and projects scrambling to fix the vulnerable code. This year was no exception, with Secure Sockets Layer (SSL) taking center stage. Two of the vulnerabilities led to Mozilla security updates, while others showed flaws in the certificate authority (CA) infrastructure and browser handling of Extended Validation (EV) SSL certificates.

The most serious problem would seem to be a disconnect between CAs and browsers on how to handle certificates with NUL (i.e. '\0') bytes in the domain name. CAs have been willing to issue certificates for host/domain names containing NULs, but browsers were handling them in ways that made certificate spoofing much easier. Moxie Marlinspike and Dan Kaminsky independently discovered the problem and both presented about it at Black Hat. Marlinspike's example was a certificate issued for www.paypal.com\0.thoughtcrime.org, which would appear to be a legitimate PayPal certificate to the browser user.

It has been argued that the CAs should not be issuing certificates of that sort, especially given that C-based programs interpret NUL as the end of a string, but the browsers have a certain amount of responsibility here as well. It's hard to see a legitimate use for a certificate with a NUL byte as part of the domain name, but browsers could and should have used the string length, which is specified in the certificate, to determine how to display and handle the domain name. The CAs should also stop signing such certificates, and revoke those that they have already issued, but that, of course, doesn't stop anyone from self-signing a certificate with a NUL byte in the domain name.

The flaw could be exploited to do a man-in-the-middle attack against users. An attacker who could intercept network traffic—via a compromised, or just maliciously configured, wireless router for example—could present one of these certificates when a victim visited PayPal. Because the browser only looked at the host name information before the NUL, the user would believe they had a secure session with PayPal, when, in fact, they were talking to a host under the attacker's control.

Marlinspike found another problem, which only seems to have affected the Firefox 3.0 series, in how wildcards were handled in the host names presented in certificates. Wildcard certificates are meant to solve the problem of multiple hosts in a given domain that need to share certificates. So, a CA could sign a single certificate that would work for webhost00.example.com through webhost99.example.com. Firefox 3.0 and earlier supported a non-standard Netscape regular expression syntax which Marlinspike found a way to exploit.

That exploit would cause a heap overflow that could allow arbitrary code execution—another particularly nasty outcome. According to the Mozilla advisory: "With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw."
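The two browser-side matching problems described above (the NUL-byte name behind CVE-2009-2408 and the Netscape wildcard syntax behind CVE-2009-2404), in one added example that is not NSS or Firefox code: `legacy_match` is a reconstruction of the behaviour the text describes, kept vulnerable on purpose, beside a hardened matcher that uses the full declared length and only the standard wildcard form. The certificate names are constructed sample bytes.

```python
"""Certificate host-name matching: the NUL-byte and wildcard flaws, lax vs. strict.

Added illustration, not Mozilla/NSS code. Certificate names are passed as the
raw length-delimited bytes a parser would pull out of the certificate.
"""
import re

NUL = b"\x00"
# Plain DNS label: letters, digits and inner hyphens only. Anything that a
# Netscape-style pattern could smuggle in ('*', '?', '(' ...) fails this.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def c_string_view(cert_name: bytes) -> str:
    """What NUL-terminated string code sees: everything after the first NUL is gone."""
    return cert_name.split(NUL, 1)[0].decode("ascii", "replace")


def legacy_match(cert_name: bytes, host: str) -> bool:
    """Reconstruction of the 2009 behaviour described above (vulnerable on purpose):
    the length-delimited name is compared as a C string, so a certificate for
    'www.paypal.com\\0.thoughtcrime.org' passes for www.paypal.com."""
    return c_string_view(cert_name).lower() == host.lower()


def nul_truncated(cert_name: bytes) -> bool:
    """Detection check: the declared length covers more bytes than C code would read."""
    return len(c_string_view(cert_name)) != len(cert_name)


def strict_match(cert_name: bytes, host: str) -> bool:
    """Hardened matcher: honours the full declared length and accepts only the
    industry-standard wildcard form (a lone '*' as the whole leftmost label)."""
    if NUL in cert_name:                      # an embedded NUL is never legitimate
        return False
    try:
        name = cert_name.decode("ascii").lower()
    except UnicodeDecodeError:
        return False
    name_labels = name.rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(name_labels) != len(host_labels):  # '*' matches exactly one label, never a dot
        return False
    first, rest = name_labels[0], name_labels[1:]
    if not all(LABEL_RE.match(label) for label in rest):
        return False                          # no metacharacters right of the first label
    if first == "*":
        # '*.example.com' is fine; '*.com' (one label after the wildcard) is not.
        return len(rest) >= 2 and rest == host_labels[1:]
    if not LABEL_RE.match(first):             # 'webhost*', 'www?' and friends are rejected
        return False
    return name_labels == host_labels


if __name__ == "__main__":
    # Constructed names: the PayPal example from the talk, plus wildcard cases.
    spoof = b"www.paypal.com" + NUL + b".thoughtcrime.org"
    print("legacy accepts NUL spoof:", legacy_match(spoof, "www.paypal.com"))  # True
    print("strict accepts NUL spoof:", strict_match(spoof, "www.paypal.com"))  # False
    print("length mismatch detected:", nul_truncated(spoof))                    # True
    print("strict *.example.com    :",
          strict_match(b"*.example.com", "webhost42.example.com"))             # True
    print("strict webhost*.example :",
          strict_match(b"webhost*.example.com", "webhost42.example.com"))      # False
```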

Kaminsky's talk also covered a number of other issues with SSL certificate handling. Red Hat's director of security response Mark Cox summarized those problems along with their impact on various free software packages. For the most part, they had much less impact than the NUL-byte spoofing attack, which Cox notes as having been fixed in April for Firefox 3.5 in RHEL.

Another presentation on SSL came from Alexander Sotirov and Mike Zusman. They showed that EV certificates can be replaced with valid, conventional (aka Domain Validated or DV) certificates without changing the browser's display to reflect the potentially reduced security. Browsers display sites using EV certificates in green in the address bar to denote the supposed higher security. By using a man-in-the-middle attack, and a valid DV certificate for the domain, they were able to send the second certificate, which caused the browser to switch encryption keys to the one contained in the DV certificate. So the session was secured with the "lesser" DV certificate, which the attacker controlled, but still showed the green address bar.

Zusman also gave a presentation at DefCon (which follows Black Hat) on the reliability of the web applications that CAs use for handling certificate requests. As might be guessed, they turn out to be vulnerable to the usual web application suspects: cross-site scripting and SQL injection, but he found additional problems as well. He was able to circumvent the domain name validation used by some CAs so that he could get certificates for domains that he did not control.

It is rather worrisome that the CAs, who are supposedly guarding the safety of web traffic, are so lax about the security of their own applications. As Zusman noted in the article: "If you can game a CA's validation mechanism, they don't get hurt — they might even make some money. [Those] who suffer are those who use the Internet."

SSL is an important part of the web infrastructure that users must rely on daily to protect their communications with sensitive sites. It is not surprising that it would be targeted by security researchers, nor is it all that surprising that problems were found. While attacks against these specific problems may be difficult to pull off in practice, they represent holes that clearly need to be filled. If security researchers are finding these kinds of problems, it's pretty likely that attackers are finding them as well—but the attackers are much less likely to tell us about it at Black Hat.

Comments (5 posted)

Brief items

SquirrelMail plugins compromised

The SquirrelMail team has sent out a notice saying that three plugins (sasql, multilogin, and change_pass) were compromised on the project's server. "Parts of these code changes attempt to send mail to an offsite server containing passwords. We cannot establish a timeline of when these plugins were compromised. If you are a user of these plugins, it is strongly recommended you download a fresh copy from the plugins repository." Changing passwords and looking for intrusions might also be a good idea.

Full Story (comments: 6)

New vulnerabilities

django: file request forgery

Package(s): django    CVE #(s):
Created: August 4, 2009    Updated: August 5, 2009
Description: From the Django security advisory: Django includes a lightweight, WSGI-based web server for use in learning Django and in testing new applications during early stages of development. For sake of convenience, this web server automatically maps certain URLs corresponding to the static media files used by the Django administrative application. The handler which maps these URLs did not properly check the requested URL to verify that it corresponds to a static media file used by Django. As such, a carefully-crafted URL can cause the development server to serve any file to which it has read access.
Alerts:
Fedora FEDORA-2009-8177 Django 2009-07-31
Fedora FEDORA-2009-8169 Django 2009-07-31

Comments (none posted)

drupal-date: cross site scripting

Package(s): drupal-date    CVE #(s):
Created: July 31, 2009    Updated: September 21, 2009
Description: From the Fedora advisory: The Date module provides a date CCK field that can be added to any content type. The Date Tools module that is bundled with Date module does not properly escape user input when displaying labels for fields on a content type. A malicious user with the 'use date tools' permission of the Date Tools sub-module, or the 'administer content types' permission could attempt a cross site scripting (XSS) attack when creating a new content type, leading to the user gaining full administrative access.
Alerts:
Fedora FEDORA-2009-9754 drupal-date 2009-09-18
Fedora FEDORA-2009-9736 drupal-date 2009-09-18
Fedora FEDORA-2009-8184 drupal-date 2009-07-31
Fedora FEDORA-2009-8162 drupal-date 2009-07-31

Comments (none posted)

firebird: denial of service

Package(s): firebird    CVE #(s): CVE-2009-2620
Created: August 3, 2009    Updated: September 1, 2009
Description:

From the Mandriva advisory:

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference (CVE-2009-2620).

Alerts:
Fedora FEDORA-2009-8340 firebird 2009-08-07
Fedora FEDORA-2009-8317 firebird 2009-08-07
Mandriva MDVSA-2009:186 firebird 2009-08-01

Comments (none posted)

firefox: integer overflow

Package(s): firefox    CVE #(s): CVE-2009-2468
Created: July 31, 2009    Updated: August 5, 2009
Description: From the CVE entry: Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla Firefox before 3.0.12, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.
Alerts:
Gentoo 201405-13 pango 2014-05-17
Mandriva MDVSA-2009:185 firefox 2009-07-30
Mandriva MDVSA-2009:182 firefox 2009-07-30

Comments (none posted)

firefox: heap overflow in certificate regexp parsing

Package(s): firefox    CVE #(s): CVE-2009-2404
Created: August 4, 2009    Updated: March 31, 2010
Description: From the Mozilla advisory: Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw.
Alerts:
Gentoo 201301-01 firefox 2013-01-07
Debian DSA-2025-1 icedove 2010-03-31
Mandriva MDVSA-2009:197-3 nss 2009-12-03
Mandriva MDVSA-2009:197-2 nss 2009-09-11
Debian DSA-1874-1 nss 2009-08-26
Mandriva MDVSA-2009:216 mozilla-thunderbird 2009-08-23
Red Hat RHSA-2009:1207-01 nspr nss 2009-08-12
Mandriva MDVSA-2009:198 firefox 2009-08-07
Mandriva MDVSA-2009:197 nss 2009-08-07
Ubuntu USN-810-2 nspr 2009-08-04
Ubuntu USN-810-1 nss 2009-08-04
CentOS CESA-2009:1185 seamonkey 2009-07-31
Red Hat RHSA-2009:1185-01 seamonkey 2009-07-30
Red Hat RHSA-2009:1190-01 nspr, nss 2009-07-31
Red Hat RHSA-2009:1186-01 nspr, nss 2009-07-30
Red Hat RHSA-2009:1184-01 nspr, nss 2009-07-30
Fedora FEDORA-2009-8288 Miro 2009-08-05
Fedora FEDORA-2009-8288 xulrunner 2009-08-05
Fedora FEDORA-2009-8288 yelp 2009-08-05
Fedora FEDORA-2009-8288 ruby-gnome2 2009-08-05
Fedora FEDORA-2009-8288 perl-Gtk2-MozEmbed 2009-08-05
Fedora FEDORA-2009-8288 pcmanx-gtk2 2009-08-05
Fedora FEDORA-2009-8288 mugshot 2009-08-05
Fedora FEDORA-2009-8288 mozvoikko 2009-08-05
Fedora FEDORA-2009-8288 kazehakase 2009-08-05
Fedora FEDORA-2009-8288 google-gadgets 2009-08-05
Fedora FEDORA-2009-8288 gnome-web-photo 2009-08-05
Fedora FEDORA-2009-8288 gnome-python2-extras 2009-08-05
Fedora FEDORA-2009-8288 gecko-sharp2 2009-08-05
Fedora FEDORA-2009-8288 galeon 2009-08-05
Fedora FEDORA-2009-8288 firefox 2009-08-05
Fedora FEDORA-2009-8288 evolution-rss 2009-08-05
Fedora FEDORA-2009-8279 chmsee 2009-08-05
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20
Fedora FEDORA-2009-8279 blam 2009-08-05
Fedora FEDORA-2009-8288 blam 2009-08-05
Slackware SSA:2009-215-01 mozilla-firefox 2009-08-04

Comments (none posted)

firefox: compromise of SSL-protected communication

Package(s): firefox    CVE #(s): CVE-2009-2408
Created: August 4, 2009    Updated: October 5, 2010
Description: From the Mozilla advisory: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions.
Alerts:
Mandriva MDVSA-2014:014 php 2014-01-21
Gentoo 201301-01 firefox 2013-01-07
Debian DSA-2025-1 icedove 2010-03-31
Mandriva MDVSA-2010:027 kdelibs4 2010-01-27
Mandriva MDVSA-2010:028 kdelibs4 2010-01-27
Mandriva MDVSA-2009:203-1 curl 2009-12-04
Mandriva MDVSA-2009:315 libneon 2009-12-04
Mandriva MDVSA-2009:201-1 fetchmail 2009-12-04
Mandriva MDVSA-2009:197-3 nss 2009-12-03
Mandriva MDVSA-2009:217-3 mozilla-thunderbird 2009-12-03
SuSE SUSE-SR:2009:018 cyrus-imapd, neon/libneon, freeradius, strongswan, openldap2, apache2-mod_jk, expat, xpdf, mozilla-nspr 2009-11-10
Mandriva MDVSA-2009:203 curl 2009-08-15
Mandriva MDVSA-2009:201 fetchmail 2009-08-12
Red Hat RHSA-2009:1207-01 nspr nss 2009-08-12
Mandriva MDVSA-2009:198 firefox 2009-08-07
Mandriva MDVSA-2009:197 nss 2009-08-07
Ubuntu USN-810-2 nspr 2009-08-04
Ubuntu USN-810-1 nss 2009-08-04
Red Hat RHSA-2009:1190-01 nspr, nss 2009-07-31
Red Hat RHSA-2009:1186-01 nspr, nss 2009-07-30
Red Hat RHSA-2009:1184-01 nspr, nss 2009-07-30
Fedora FEDORA-2009-8288 ruby-gnome2 2009-08-05
Fedora FEDORA-2009-8288 xulrunner 2009-08-05
Fedora FEDORA-2009-8288 yelp 2009-08-05
Fedora FEDORA-2009-8288 perl-Gtk2-MozEmbed 2009-08-05
Fedora FEDORA-2009-8288 pcmanx-gtk2 2009-08-05
Fedora FEDORA-2009-8288 mugshot 2009-08-05
Fedora FEDORA-2009-8288 mozvoikko 2009-08-05
Fedora FEDORA-2009-8288 Miro 2009-08-05
Fedora FEDORA-2009-8288 kazehakase 2009-08-05
Fedora FEDORA-2009-8288 google-gadgets 2009-08-05
Fedora FEDORA-2009-8288 gnome-web-photo 2009-08-05
Fedora FEDORA-2009-8288 gnome-python2-extras 2009-08-05
Fedora FEDORA-2009-8288 gecko-sharp2 2009-08-05
Fedora FEDORA-2009-8288 galeon 2009-08-05
Fedora FEDORA-2009-8288 firefox 2009-08-05
Fedora FEDORA-2009-8288 evolution-rss 2009-08-05
Fedora FEDORA-2009-8279 chmsee 2009-08-05
Fedora FEDORA-2009-8279 blam 2009-08-05
Fedora FEDORA-2009-8288 blam 2009-08-05
Slackware SSA:2009-215-01 mozilla-firefox 2009-08-04
Mandriva MDVSA-2009:288 proftpd 2009-10-23

Comments (none posted)

firefox: address spoofing

Package(s): firefox xulrunner    CVE #(s): CVE-2009-2654
Created: August 5, 2009    Updated: December 22, 2009
Description: The Firefox browser allows attackers to spoof the information in the address bar, facilitating phishing attacks. Fixes are in versions 3.0.13 and 3.5.2.
Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2009:339 firefox 2009-12-22
Mandriva MDVSA-2009:338 firefox 2009-12-22
CentOS CESA-2009:1431 seamonkey 2009-09-10
CentOS CESA-2009:1430 firefox 2009-09-10
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1431-01 seamonkey 2009-09-09
Red Hat RHSA-2009:1430-01 firefox 2009-09-09
Debian DSA-1873-1 xulrunner 2009-08-26
Mandriva MDVSA-2009:198 firefox 2009-08-07
SuSE SUSE-SA:2009:048 MozillaFirefox 2009-10-20
Fedora FEDORA-2009-8279 xulrunner 2009-08-05
Fedora FEDORA-2009-8288 xulrunner 2009-08-05
Fedora FEDORA-2009-8279 yelp 2009-08-05
Fedora FEDORA-2009-8288 yelp 2009-08-05
Fedora FEDORA-2009-8279 seahorse-plugins 2009-08-05
Fedora FEDORA-2009-8279 ruby-gnome2 2009-08-05
Fedora FEDORA-2009-8288 ruby-gnome2 2009-08-05
Fedora FEDORA-2009-8279 perl-Gtk2-MozEmbed 2009-08-05
Fedora FEDORA-2009-8288 perl-Gtk2-MozEmbed 2009-08-05
Fedora FEDORA-2009-8288 pcmanx-gtk2 2009-08-05
Fedora FEDORA-2009-8288 mugshot 2009-08-05
Fedora FEDORA-2009-8279 mozvoikko 2009-08-05
Fedora FEDORA-2009-8288 mozvoikko 2009-08-05
Fedora FEDORA-2009-8279 Miro 2009-08-05
Fedora FEDORA-2009-8288 Miro 2009-08-05
Fedora FEDORA-2009-8279 kazehakase 2009-08-05
Fedora FEDORA-2009-8288 kazehakase 2009-08-05
Fedora FEDORA-2009-8279 hulahop 2009-08-05
Fedora FEDORA-2009-8279 google-gadgets 2009-08-05
Fedora FEDORA-2009-8288 google-gadgets 2009-08-05
Fedora FEDORA-2009-8279 gnome-web-photo 2009-08-05
Fedora FEDORA-2009-8288 gnome-web-photo 2009-08-05
Fedora FEDORA-2009-8279 gnome-python2-extras 2009-08-05
Fedora FEDORA-2009-8288 gnome-python2-extras 2009-08-05
Fedora FEDORA-2009-8288 gecko-sharp2 2009-08-05
Fedora FEDORA-2009-8279 galeon 2009-08-05
Fedora FEDORA-2009-8288 galeon 2009-08-05
Fedora FEDORA-2009-8279 firefox 2009-08-05
Fedora FEDORA-2009-8288 firefox 2009-08-05
Fedora FEDORA-2009-8279 evolution-rss 2009-08-05
Fedora FEDORA-2009-8288 evolution-rss 2009-08-05
Fedora FEDORA-2009-8279 epiphany-extensions 2009-08-05
Fedora FEDORA-2009-8279 chmsee 2009-08-05
Fedora FEDORA-2009-8279 blam 2009-08-05
Fedora FEDORA-2009-8288 blam 2009-08-05
Ubuntu USN-811-1 firefox-3.0, xulrunner-1.9 2009-08-05

Comments (none posted)

firefox: multiple vulnerabilities

Package(s): firefox    CVE #(s):
Created: August 5, 2009    Updated: August 5, 2009
Description: Firefox 3.5.2 fixes a number of vulnerabilities, two of which are labeled "critical."
Alerts:
Fedora FEDORA-2009-8279 xulrunner 2009-08-05
Fedora FEDORA-2009-8279 seahorse-plugins 2009-08-05
Fedora FEDORA-2009-8279 Miro 2009-08-05
Fedora FEDORA-2009-8279 yelp 2009-08-05
Fedora FEDORA-2009-8279 ruby-gnome2 2009-08-05
Fedora FEDORA-2009-8279 perl-Gtk2-MozEmbed 2009-08-05
Fedora FEDORA-2009-8279 mozvoikko 2009-08-05
Fedora FEDORA-2009-8279 kazehakase 2009-08-05
Fedora FEDORA-2009-8279 hulahop 2009-08-05
Fedora FEDORA-2009-8279 google-gadgets 2009-08-05
Fedora FEDORA-2009-8279 gnome-web-photo 2009-08-05
Fedora FEDORA-2009-8279 gnome-python2-extras 2009-08-05
Fedora FEDORA-2009-8279 galeon 2009-08-05
Fedora FEDORA-2009-8279 firefox 2009-08-05
Fedora FEDORA-2009-8279 evolution-rss 2009-08-05
Fedora FEDORA-2009-8279 epiphany-extensions 2009-08-05
Fedora FEDORA-2009-8279 epiphany 2009-08-05

Comments (none posted)

flash-plugin: multiple vulnerabilities

Package(s): flash-plugin    CVE #(s): CVE-2009-1862 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865 CVE-2009-1866 CVE-2009-1867 CVE-2009-1868 CVE-2009-1869 CVE-2009-1870
Created: July 31, 2009    Updated: August 7, 2009
Description: From the Red Hat advisory:

Multiple security flaws were found in the way Flash Player displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, possibly, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1868, CVE-2009-1869)

A clickjacking flaw was discovered in Flash Player. A specially-crafted SWF file could trick a user into unintentionally or mistakenly clicking a link or a dialog. (CVE-2009-1867)

A flaw was found in the Flash Player local sandbox. A specially-crafted SWF file could cause information disclosure when it was saved to the hard drive. (CVE-2009-1870)

Alerts:
Gentoo 200908-04 adobe-flash 2009-08-07
SuSE SUSE-SA:2009:041 flash-player 2009-08-05
Red Hat RHSA-2009:1189-01 flash-plugin 2009-07-31
Red Hat RHSA-2009:1188-01 flash-plugin 2009-07-31

Comments (none posted)

kernel: denial of service

Package(s): kernel    CVE #(s): CVE-2009-1388
Created: August 4, 2009    Updated: August 5, 2009
Description: From the CVE entry: The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
Alerts:
CentOS CESA-2009:1193 kernel 2009-08-05
Red Hat RHSA-2009:1193-01 kernel 2009-08-04

Comments (none posted)

nspr, nss: weak hash signatures

Package(s): nspr, nss    CVE #(s): CVE-2009-2409
Created: July 31, 2009    Updated: April 28, 2010
Description: From the Red Hat advisory: Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)
Alerts:
Mandriva MDVSA-2010:084 java-1.6.0-openjdk 2010-04-28
Red Hat RHSA-2010:0166-01 gnutls 2010-03-25
CentOS CESA-2010:0166 gnutls 2010-03-26
CentOS CESA-2010:0163 openssl 2010-03-25
Red Hat RHSA-2010:0163-01 openssl 2010-03-25
CentOS CESA-2010:0054 openssl 2010-01-20
Red Hat RHSA-2010:0054-01 openssl 2010-01-19
Pardus 2010-22 sun-jdk sun-jre 2010-02-04
Mandriva MDVSA-2009:310 openssl 2009-12-03
Mandriva MDVSA-2009:197-3 nss 2009-12-03
Gentoo 200912-01 openssl 2009-12-01
Mandriva MDVSA-2009:239 openssl 2009-09-22
Mandriva MDVSA-2009:238 openssl 2009-09-21
Mandriva MDVSA-2009:237 openssl 2009-09-21
Debian DSA-1888-1 openssl 2009-09-15
Ubuntu USN-830-1 openssl 2009-09-14
Mandriva MDVSA-2009:197-2 nss 2009-09-11
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Debian DSA-1874-1 nss 2009-08-26
Mandriva MDVSA-2009:216 mozilla-thunderbird 2009-08-23
Ubuntu USN-809-1 gnutls12, gnutls13, gnutls26 2009-08-19
Red Hat RHSA-2009:1207-01 nspr nss 2009-08-12
Mandriva MDVSA-2009:197 nss 2009-08-07
Ubuntu USN-810-2 nspr 2009-08-04
Ubuntu USN-810-1 nss 2009-08-04
Red Hat RHSA-2009:1190-01 nspr, nss 2009-07-31
Red Hat RHSA-2009:1186-01 nspr, nss 2009-07-30
Red Hat RHSA-2009:1184-01 nspr, nss 2009-07-30
Gentoo 200911-02 sun-jre-bin 2009-11-17
Debian DSA-1935-1 gnutls13 2009-11-17
Fedora FEDORA-2009-11489 java-1.6.0-openjdk 2009-11-14
Fedora FEDORA-2009-11486 java-1.6.0-openjdk 2009-11-14
Fedora FEDORA-2009-11490 java-1.6.0-openjdk 2009-11-14
Ubuntu USN-859-1 openjdk-6 2009-11-13
Red Hat RHSA-2009:1584-01 java-1.6.0-openjdk 2009-11-16
CentOS CESA-2009:1584 java-1.6.0-openjdk 2009-11-18
Red Hat RHSA-2009:1560-01 java-1.6.0-sun 2009-11-09

Comments (none posted)

pdfedit: multiple vulnerabilities

Package(s): pdfedit    CVE #(s):
Created: August 5, 2009    Updated: August 5, 2009
Description: pdfedit contains "several serious remote vulnerabilities"; see this advisory for (minimal) further information.
Alerts:
Fedora FEDORA-2009-7924 pdfedit 2009-07-23

Comments (none posted)

php4-eaccelerator: arbitrary code execution

Package(s): php4-eaccelerator    CVE #(s): CVE-2009-2353
Created: August 3, 2009    Updated: August 5, 2009
Description:

From the Mandriva advisory:

encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files (CVE-2009-2353).

Alerts:
Mandriva MDVSA-2009:188 php4-eaccelerator 2009-08-01

Comments (none posted)

sssd: privilege escalation

Package(s): sssd    CVE #(s): CVE-2009-2410
Created: July 30, 2009    Updated: August 5, 2009
Description: From the Fedora alert: If a user was added to the SSSD BE database without setting a password, the user could ssh to the SSSD-configured client and enter any password to gain access. This update resolves this issue so users with no password set are no longer able to log in.
Alerts:
Fedora FEDORA-2009-8101 sssd 2009-07-29

Comments (none posted)

wordpress: cross-site scripting

Package(s): wordpress    CVE #(s):
Created: August 5, 2009    Updated: August 7, 2009
Description: WordPress prior to version 2.8.2 contains a cross-site scripting vulnerability associated with comment author URLs.
Alerts:
Fedora FEDORA-2009-8328 wordpress 2009-08-07
Fedora FEDORA-2009-8307 wordpress 2009-08-07
Fedora FEDORA-2009-8109 wordpress 2009-07-29
Fedora FEDORA-2009-8114 wordpress 2009-07-29

Comments (none posted)

xml-security-c: authentication bypass

Package(s): xml-security-c    CVE #(s): CVE-2009-0217
Created: July 31, 2009    Updated: June 4, 2010
Description: From the CVE entry: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Alerts:
Gentoo 201408-19 openoffice-bin 2014-08-31
Gentoo 201206-13 mono, mono-debugger 2012-06-21
Pardus 2010-67 openoffice 2010-06-04
SuSE SUSE-SA:2010:017 OpenOffice_org 2010-03-16
SuSE SUSE-SA:2010:004 java-1_6_0-ibm 2010-01-12
Red Hat RHSA-2009:1694-01 java-1.6.0-ibm 2009-12-23
Mandriva MDVSA-2009:322 mono 2009-12-07
Mandriva MDVSA-2009:318 xmlsec1 2009-12-05
Ubuntu USN-903-1 openoffice.org 2010-02-24
Debian DSA-1995-1 openoffice.org 2010-02-12
Mandriva MDVSA-2009:269 mono 2009-10-12
Mandriva MDVSA-2009:268 mono 2009-10-12
CentOS CESA-2009:1428 xmlsec1 2009-09-08
Red Hat RHSA-2009:1428-01 xmlsec1 2009-09-08
Mandriva MDVSA-2009:267 xmlsec1 2009-10-10
Ubuntu USN-826-1 mono 2009-08-26
Mandriva MDVSA-2009:209 java-1.6.0-openjdk 2009-08-21
Fedora FEDORA-2009-8456 xmlsec1 2009-08-11
Fedora FEDORA-2009-8473 xmlsec1 2009-08-11
Ubuntu USN-814-1 openjdk-6 2009-08-11
CentOS CESA-2009:1201 java-1.6.0-openjdk 2009-08-08
Red Hat RHSA-2009:1201-01 java-1.6.0-openjdk 2009-08-06
Red Hat RHSA-2009:1200-01 java-1.6.0-sun 2009-08-06
Fedora FEDORA-2009-8337 java-1.6.0-openjdk 2009-08-07
Fedora FEDORA-2009-8329 java-1.6.0-openjdk 2009-08-07
Debian DSA-1849-1 xml-security-c 2009-08-02
Fedora FEDORA-2009-8157 xml-security-c 2009-07-31
Fedora FEDORA-2009-8121 xml-security-c 2009-07-31
SuSE SUSE-SA:2009:053 java-1_6_0-ibm 2009-11-04
CentOS CESA-2009:1428 xmlsec1 2009-10-30

Comments (none posted)
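The HMACOutputLength weakness in the xml-security-c entry above (CVE-2009-0217), as an added example that is not code from xml-security-c, xmlsec1 or any other listed project: a lax verifier that honours whatever truncation length the signed document requests, beside a strict one that enforces the RFC 2104 truncation floor (at least half the hash output and never under 80 bits) which the later XMLDsig errata adopted. The key and the SignedInfo bytes are constructed sample input.

```python
"""XMLDsig HMACOutputLength: a verifier that trusts the requested truncation vs. one that floors it.

Added illustration, not code from xml-security-c, xmlsec1 or any listed project.
"""
import hashlib
import hmac

# Constructed sample key and canonicalised <SignedInfo> bytes; not from any real document.
KEY = b"constructed-shared-hmac-key"
DATA = b"<SignedInfo>constructed canonical form</SignedInfo>"


def truncated_hmac(key: bytes, data: bytes, hash_name: str, out_bits: int) -> bytes:
    """Leftmost `out_bits` bits of HMAC-<hash>(key, data), which is what the
    SignatureValue holds when HMACOutputLength is present."""
    full = hmac.new(key, data, hash_name).digest()
    nbytes = (out_bits + 7) // 8
    trunc = bytearray(full[:nbytes])
    spare = nbytes * 8 - out_bits
    if spare and trunc:
        trunc[-1] &= (0xFF << spare) & 0xFF    # zero the unused low bits of the last byte
    return bytes(trunc)


def verify_lax(key: bytes, data: bytes, sig: bytes, hash_name: str, out_bits: int) -> bool:
    """Pre-fix behaviour described in CVE-2009-0217 (reconstructed, vulnerable on purpose):
    whatever HMACOutputLength the signed document carries is honoured, so at 0 bits
    every SignatureValue compares equal to the empty prefix."""
    expected = truncated_hmac(key, data, hash_name, out_bits)
    return hmac.compare_digest(expected, sig[: len(expected)])


def min_output_bits(hash_name: str) -> int:
    """RFC 2104 truncation floor (adopted by the later XMLDsig errata): at least half
    the hash output and never fewer than 80 bits."""
    return max(80, hashlib.new(hash_name).digest_size * 4)


def check_output_length(hash_name: str, out_bits: int) -> bool:
    """True only when the requested length lies within [floor, full digest length]."""
    full_bits = hashlib.new(hash_name).digest_size * 8
    return min_output_bits(hash_name) <= out_bits <= full_bits


def verify_strict(key: bytes, data: bytes, sig: bytes, hash_name: str, out_bits: int) -> bool:
    """Hardened verifier: an out-of-range HMACOutputLength makes the signature invalid,
    and the SignatureValue must be exactly the truncated length."""
    if not check_output_length(hash_name, out_bits):
        return False
    if len(sig) != (out_bits + 7) // 8:
        return False
    return hmac.compare_digest(truncated_hmac(key, data, hash_name, out_bits), sig)


if __name__ == "__main__":
    forged = b"\xff" * 20                                # constructed, not a real HMAC
    print("lax, 0 bits, forged sig :", verify_lax(KEY, DATA, forged, "sha1", 0))     # True
    print("strict, 0 bits, forged  :", verify_strict(KEY, DATA, forged, "sha1", 0))  # False
    good = truncated_hmac(KEY, DATA, "sha1", 96)
    print("strict, 96-bit good sig :", verify_strict(KEY, DATA, good, "sha1", 96))   # True
    print("floor sha1 / sha256 bits:", min_output_bits("sha1"), min_output_bits("sha256"))  # 80 128
```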

Page editor: Jake Edge


Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds