<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq">
    <title>gmane.comp.security.bugtraq</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq</link>
    <description/>
    <syn:updatePeriod>hourly</syn:updatePeriod>
    <syn:updateFrequency>1</syn:updateFrequency>
    <syn:updateBase>1901-01-01T00:00+00:00</syn:updateBase>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51861"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51860"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51859"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51858"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51857"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51856"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51855"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51854"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51853"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51852"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51850"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51849"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51848"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51847"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51846"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51845"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51844"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51843"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51842"/>
        <rdf:li rdf:resource="http://permalink.gmane.org/gmane.comp.security.bugtraq/51841"/>
      </rdf:Seq>
    </items>
    <image rdf:resource="http://gmane.org/img/gmane-25t.png"/>
    <textinput rdf:resource=""/>
  </channel>
  <image rdf:about="http://gmane.org/img/gmane-25t.png">
    <title>Gmane</title>
    <url>http://gmane.org/img/gmane-25t.png</url>
    <link>http://gmane.org</link>
  </image>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51861">
    <title>CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51861</link>
    <description>&lt;pre&gt;Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you willing to gamble on the security of your systems?

Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...

We will gather in Krakow, Poland on 28-29th May, 2013 on an extreme
conference...

1. The schedule:

Check out the schedule of the conference, as it will feature:
- Felix "fx" Lindner and  Gregor Kopf  discussing virtual and physical
switching,
- Fernando Gont discussing the IPv6 network reconnaissance,
- Ilja van Sprudel discussing his analysis of linux insecurities,
- a couple of topics related to Mobile security including presentations from
Jesse Burns, Georgia Weidman and Yury Chemerkin,
- Meredith L. Patterson discussing the state of LANGSEC,
- and many more concerning compu&lt;/pre&gt;</description>
    <dc:creator>Sławomir Jabs</dc:creator>
    <dc:date>2013-05-17T11:47:27</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51860">
    <title>APPLE-SA-2013-05-16-1 iTunes 11.0.3</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51860</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-05-16-1 iTunes 11.0.3

iTunes 11.0.3 is now available and addresses the following:

iTunes
Available for:  Mac OS X v10.6.8 or later, Windows 7, Vista,
XP SP2 or later
Impact:  An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description:  A certificate validation issue existed in iTunes. In
certain contexts, an active network attacker could present untrusted
certificates to iTunes and they would be accepted without warning.
This issue was resolved by improved certificate validation.
CVE-ID
CVE-2013-1014 : Christopher of ThinkSECURE Pte Ltd, Christopher
Hickstein of University of Minnesota

iTunes
Available for:  Windows 7, Vista, XP SP2 or later
Impact:  A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description:  Multiple memory corruption issues existed in W&lt;/pre&gt;</description>
    <dc:creator>Apple Product Security</dc:creator>
    <dc:date>2013-05-16T17:37:55</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51859">
    <title>ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51859</link>
    <description>&lt;pre&gt;
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2013-029

CVE Identifier: CVE-2013-0941

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

 

Affected Products:

RSA Authentication API versions prior to 8.1 SP1 

RSA Web Agent for Apache Web Server versions prior to 5.3.5 

RSA Web Agent for IIS versions prior to 5.3.5 

RSA PAM Agent versions prior to 7.0 

RSA Agent for Microsoft Windows versions prior to 6.1.4  

 

Unaffected Products:

RSA Authentication API versions 8.1 SP1 and later

RSA Web Agent for Apache Web Server versions 5.3.5 and later

RSA Web Agent for IIS versions 5.3.5 and later

RSA PAM Agent versions 7.0 and later

RSA Agent for Microsoft Windows version 6.1.4

RSA EAP Client 7.0 and later

RSA Authentication Agent for Microsoft Windows 7.1

RSA SecurID Authentication Agent 7.1  for Web for Apache Web Server

RSA SecurID Authenticati&lt;/pre&gt;</description>
    <dc:creator>Security Alert</dc:creator>
    <dc:date>2013-05-16T14:04:57</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51858">
    <title>ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51858</link>
    <description>&lt;pre&gt;
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability 


EMC Identifier: ESA-2013-041


CVE Identifier: CVE-2013-3270


Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)


Affected products:  

EMC VNX Control Station versions prior to 7.1.70.2
EMC Celerra Control Station versions prior to 6.0.70.1


Summary:  

A vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.


Details:  

Script files in affected products exist with ownership permissions for the nasadmin group account (different from the nasadmin user). Commands in these files could be executed in a root-level context. A less privileged administrator could exploit this vulnerability to run arbitrary commands as the root user.

Note: The nasadmin user account on the VNX or Celerra Control Station is desig&lt;/pre&gt;</description>
    <dc:creator>Security Alert</dc:creator>
    <dc:date>2013-05-16T14:03:24</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51857">
    <title>[SECURITY] [DSA 2669-1] linux security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51857</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2669-1                security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                           Dann Frazier
May 15, 2013                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2013-0160 CVE-2013-1796 CVE-2013-1929 CVE-2013-1979
                 CVE-2013-2015 CVE-2013-2094 CVE-2013-3076 CVE-2013-3222
                 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227
                 CVE-2013-3228 CVE-2013-3229 CVE-2013-3231 CVE-2013-3234
                 CVE-2013-3235 CVE-2013-3301

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escala&lt;/pre&gt;</description>
    <dc:creator>dann frazier</dc:creator>
    <dc:date>2013-05-16T02:48:53</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51856">
    <title>Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51856</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

Advisory ID: cisco-sa-20130515-mse

Revision 1.0

For Public Release 2013 May 15 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)

iF4EAREKAAYFAlGTkX0ACgkQUddfH3/BbTqBrAD/d72SaHSpIobiIRsxt3mix+un
hm8A7MB7AYUp74iliGIA/jTzBZEumgt1RgP0Lfvs4SQQZSN3wBQHnR9pH845cgjS
=0mDU
-----END PGP SIGNATU&lt;/pre&gt;</description>
    <dc:creator>Cisco Systems Product Security Incident Response Team</dc:creator>
    <dc:date>2013-05-15T16:00:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51855">
    <title>Multiple Vulnerabilities in Exponent CMS</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51855</link>
    <description>&lt;pre&gt;Advisory ID: HTB23154
Product: Exponent CMS
Vendor: Online Innovative Creations
Vulnerable Version(s): 2.2.0 beta 3 and probably prior
Tested Version: 2.2.0 beta 3
Vendor Notification: April 24, 2013 
Vendor Patch: May 3, 2013 
Public Disclosure: May 15, 2013 
Vulnerability Type: SQL Injection [CWE-89], PHP File Inclusion [CWE-98]
CVE References: CVE-2013-3294, CVE-2013-3295
Risk Level: High 
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Exponent CMS, which can be exploited to execute arbitrary SQL commands in the database of vulnerable application and execute arbitrary PHP code on the vulnerable system.


1) SQL Injection in Exponent CMS: CV&lt;/pre&gt;</description>
    <dc:creator>advisory&lt; at &gt;htbridge.com</dc:creator>
    <dc:date>2013-05-15T11:12:28</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51854">
    <title>[ MDVSA-2013:165 ] firefox</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51854</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:165
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : firefox
 Date    : May 15, 2013
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple security issues were identified and fixed in mozilla firefox:
 
 Mozilla developers identified and fixed several memory safety
 bugs in the browser engine used in Firefox and other Mozilla-based
 products. Some of these bugs showed evidence of memory corruption under
 certain circumstances, and we presume that with enough effort at least
 some of these could be exploited to run arbitrary code (CVE-2013-0801).
 
 Security researcher Cody Crews reported a method to call a content
 level constructor that allows for this cons&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2013-05-15T10:19:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51853">
    <title>[security bulletin] HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51853</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03714526

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03714526
Version: 3

HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service
(DoS) and Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2013-03-27
Last Updated: 2013-05-14

Potential Security Impact: Remote Denial of Service (DoS), execution of
arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
XNTP. The vulnerability could be exploited remotely to create a Denial of
Service (DoS) or execute arbitrary code.

References: CVE-2009-3563, CVE-2009-0159

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP&lt;/pre&gt;</description>
    <dc:creator>security-alert&lt; at &gt;hp.com</dc:creator>
    <dc:date>2013-05-15T03:35:25</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51852">
    <title>[SECURITY] [DSA 2668-1] linux-2.6 security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51852</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2668-1                security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                           Dann Frazier
May 14, 2013                        http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : CVE-2012-2121 CVE-2012-3552 CVE-2012-4461 CVE-2012-4508
                 CVE-2012-6537 CVE-2012-6539 CVE-2012-6540 CVE-2012-6542
                 CVE-2012-6544 CVE-2012-6545 CVE-2012-6546 CVE-2012-6548
                 CVE-2012-6549 CVE-2013-0349 CVE-2013-0914 CVE-2013-1767
                 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796
                 CVE-2013-1798 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928
                 CVE-2013-19&lt;/pre&gt;</description>
    <dc:creator>dann frazier</dc:creator>
    <dc:date>2013-05-14T19:14:29</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51850">
    <title>File Lite 3.3 &amp; 3.5 PRO iOS - Multiple Web Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51850</link>
    <description>&lt;pre&gt;======
File Lite 3.3 &amp;amp; 3.5 PRO iOS - Multiple Web Vulnerabilities


Date:
=====
2013-05-04


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=939


VL-ID:
=====
939


Common Vulnerability Scoring System:
====================================
5.9


Introduction:
=============
You have tons of files you need to get from one device to another, so what do you do? You use File Pro, that’s what you do. 
App Chronicles! Multipurpose, Easy-to-Use and Robust app for files &amp;amp; documents. Import files, documents &amp;amp; media from PC/Mac, 
email attachments, dropbox, sugarsync, iCloud &amp;amp; Box.net to File Pro along with amazing transfer features of FTP and Wifi. 
The only documents manager app which includes total security of files along with PDF scanner, Audio Recorder and editing 
TXT files. Open all kind of file &amp;amp; documents including RAR and CBR files.

(Copy of the Homepage: https://itunes.apple.com/de/app/file-pro-document-viewer-file/id537623975 )  [PRO VERSION]
(Copy of the Homepage: https://it&lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T21:18:16</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51849">
    <title>SimpleTransfer 2.2.1 - Command Injection Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51849</link>
    <description>&lt;pre&gt;Title:
======
SimpleTransfer 2.2.1 - Command Injection Vulnerabilities


Date:
=====
2013-05-03


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=937


VL-ID:
=====
937


Common Vulnerability Scoring System:
====================================
5.6


Introduction:
=============
Simple Transfer is the easiest way of transferring your Photos and Videos to computer and other iOS devices via WiFi. 
No need for cable, iTunes or extra software.

* View all your photo albums and videos on your computer and download them as zip file via WiFi
* Send multiple photos and videos from your computer to your device
* Transfer any number of photos and videos between iOS devices (iPhone, iPad and iPod Touch), 
select an album and tap on ``Select All`` to transfer all your photos/videos
* Ability to create new albums and transfer to photos/videos to other albums
* Photos are transferred with full resolution including metadata and videos transferred with the highest quality
* No limit on the number &lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T21:11:23</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51848">
    <title>Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51848</link>
    <description>&lt;pre&gt;Title:
======
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities


Date:
=====
2013-04-27


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=934


VL-ID:
=====
934


Common Vulnerability Scoring System:
====================================
5.6


Introduction:
=============
Is it too difficult to get your photos and videos in original quality from your iPhone or iPad? Simply access them 
from any nearby computer or another iPhone/iPod/iPad using Web Browser without need to install any 3rd party transfer utilities.

* Access and download all your photos and videos instantly without iTunes syncing and without installing 3rd party transfer utilities
* Simply run WiFi Photo Access on your device and point Web Browser on your computer to displayed address
* One tap download for photos or videoclips (you can also choose to view in current window or view in new window) to another iPhone/iPad 
or any Mac or PC computer
* Download all videoclips in original and unmodified HD quality&lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T21:02:31</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51847">
    <title>Wifi Album v1.47 iOS - Command Injection Vulnerability</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51847</link>
    <description>&lt;pre&gt;Title:
======
Wifi Album v1.47 iOS - Command Injection Vulnerability


Date:
=====
2013-04-25


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=935


VL-ID:
=====
935


Common Vulnerability Scoring System:
====================================
5.6


Introduction:
=============
WiFi Album allows you to easily transfer photos and videos between iPhone,iPad,iTouch,iMac and PC. Transfer photos and videos 
over WiFi, no cables or extra software required. In this version, iPhone to iPhone connecting function added! you can found 
other wifi album iPhone around of you, view or download items from their shared album directly.

To manage your album in computer, Just start the app and enter the displayed address into the address bar of your browser. 
Works with any computer that has a modern browser (like desktop or portable computers, iPads, or even an other iPhone) and is 
on the same wifi network as your iPhone, iPod or iPad.

- View albums on PC directly
- Easy put photos/videos on iPod/&lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T20:55:26</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51846">
    <title>Wifi Photo Transfer 2.1 &amp; 1.1 PRO - Multiple Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51846</link>
    <description>&lt;pre&gt;Title:
======
Wifi Photo Transfer 2.1 &amp;amp; 1.1 PRO - Multiple Vulnerabilities


Date:
=====
2013-04-21


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=932


VL-ID:
=====
932


Common Vulnerability Scoring System:
====================================
6.1


Introduction:
=============
Easily access your photo libraries via wifi from any computer with a web browser! Just start the app and enter the 
displayed address into the address bar of your browser. Works with any computer that has a modern browser (like desktop 
or portable computers, iPads, or even an other iPhone) and is on the same wifi network as your phone, iPod or iPad.

- You can select and transfer multiple photos at once
- EXIF metadata is retained in mass-download mode (not in one-by-one mode)
- Optional password protection for the web interface
- Can also be used to download videos
- Transfer in full resolution or scaled down
- No extra software required

(Copy of the Homepage: #1  https://itunes.apple.com/de/app/wifi&lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T20:50:08</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51845">
    <title>Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51845</link>
    <description>&lt;pre&gt;Title:
======
Wireless Disk PRO v2.3 iOS - Multiple Web Vulnerabilities


Date:
=====
2013-02-26


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=883


VL-ID:
=====
883


Common Vulnerability Scoring System:
====================================
6.2


Introduction:
=============
AirDisk Pro allows you to store, view and manage files on your iPhone, iPad or iPod touch. You can connect to AirDisk Pro from any Mac or 
PC over the Wi-Fi network and transfer files by drag &amp;amp; drop files straight from the Finder or Windows Explorer.

DOCUMENT READER:
Support MS Office, iWork, Text &amp;amp; HTML
MULTIMEDIA PLAYER:
An ability to in app create your own audio playlist with repeat, shuffle, background playback and remote control from multitask.
HTTP/FTP PASSWORD PROTECTED:
Files transfer between PC/Mac with password protected.
FILE OPERATION:
Move, Copy, Rename, Delete, Zip, Unzip, UnRAR, Create File and Folder.
FILE SHARING:
File sharing with other iPhone/iPad devices via Bluetooth or Wi-Fi connecti&lt;/pre&gt;</description>
    <dc:creator>Vulnerability Lab</dc:creator>
    <dc:date>2013-05-12T20:42:23</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51844">
    <title>[RT-SA-2013-001] Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51844</link>
    <description>&lt;pre&gt;Advisory: Exim with Dovecot: Typical Misconfiguration Leads to Remote
          Command Execution

During a penetration test a typical misconfiguration was found in the
way Dovecot is used as a local delivery agent by Exim. A common use
case for the Dovecot IMAP and POP3 server is the use of Dovecot as a
local delivery agent for Exim. The Dovecot documentation contains an example
using a dangerous configuration option for Exim, which leads to a remote
command execution vulnerability in Exim.


Details
=======

Product: Exim with Dovecot LDA and Common Example Documentation
Affected Versions: Example Configuration in Dovecot Wiki since
                   2009-10-23
Vulnerability Type: Remote Code Execution
Security Risk: HIGH
Vendor URL: http://www.exim.org http://www.dovecot.org
Vendor Status: notified
Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2013-001
Advisory Status: public


Introduction
============

Dovecot is an open source IMAP and POP3 server. Dovecot is used both for
small and&lt;/pre&gt;</description>
    <dc:creator>RedTeam Pentesting GmbH</dc:creator>
    <dc:date>2013-05-13T14:45:52</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51843">
    <title>[ MDVSA-2013:164 ] mesa</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51843</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2013:164
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mesa
 Date    : May 13, 2013
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mesa packages fix security vulnerability:
 
 It was discovered that Mesa incorrectly handled certain arrays. An
 attacker could use this issue to cause Mesa to crash, resulting in a
 denial of service, or possibly execute arbitrary code (CVE-2012-5129).
 
 Mesa has also been updated to version 8.0.5, fixing several bugs.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5129
 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-01&lt;/pre&gt;</description>
    <dc:creator>security&lt; at &gt;mandriva.com</dc:creator>
    <dc:date>2013-05-13T14:35:00</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51842">
    <title>[SECURITY] [DSA 2667-1] mysql-5.5 security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51842</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2667-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 12, 2013                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mysql-5.5
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1502 CVE-2013-1511 CVE-2013-1532 CVE-2013-1544 
                 CVE-2013-2375 CVE-2013-2376 CVE-2013-2389 CVE-2013-2391 
                 CVE-2013-2392

Several issues have been discovered in the MySQL database server. The 
vulnerabilities are addressed by upgrading MySQL to a new upstream 
version, 5.5.31, which includes additional changes, such as performance 
improvements and corrections for data loss defects. 

For the stable distribution (wheezy), these problems have b&lt;/pre&gt;</description>
    <dc:creator>Moritz Muehlenhoff</dc:creator>
    <dc:date>2013-05-12T19:35:40</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51841">
    <title>[SECURITY] [DSA 2666-1] xen security update</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51841</link>
    <description>&lt;pre&gt;-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2666-1                   security&amp;lt; at &amp;gt;debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
May 12, 2013                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-1918 CVE-2013-1952 CVE-2013-1964

Multiple vulnerabilities have been discovered in the Xen hypervisor. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2013-1918 (XSA 45) Several long latency operations are not preemptible

    Some page table manipulation operations for PV guests were not made
    preemptible, allowing a malicious or buggy PV guest kernel to mount a
    denial of service attack affecting the whole system.

CVE-2013-1952 (XS&lt;/pre&gt;</description>
    <dc:creator>Salvatore Bonaccorso</dc:creator>
    <dc:date>2013-05-12T13:53:35</dc:date>
  </item>
  <item rdf:about="http://permalink.gmane.org/gmane.comp.security.bugtraq/51840">
    <title>WASC Announcement: Static Analysis Technologies Evaluation Criteria Published</title>
    <link>http://permalink.gmane.org/gmane.comp.security.bugtraq/51840</link>
    <description>&lt;pre&gt;The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that should be considered during the
evaluation process.

WASC Static Analysis Technologies Evaluation Criteria
http://projects.webappsec.org/Static%20Analysis%20Technologies%20Evaluation%20Criteria


Target Audience:
The target audience of this document is the technical staff of software
organizations who are looking to automate parts of their application
security assurance programs using one or more static code analysis
technology, as well as application security professionals who are
responsible for performing application security reviews. The document will
take into co&lt;/pre&gt;</description>
    <dc:creator>announcements&lt; at &gt;webappsec.org</dc:creator>
    <dc:date>2013-05-10T18:21:49</dc:date>
  </item>
  <textinput rdf:about="http://search.gmane.org/?group=$group=gmane.comp.security.bugtraq">
    <title>Search Engine</title>
    <description>Search the mailing list at Gmane</description>
    <name>query</name>
    <link>http://search.gmane.org/?group=$group=gmane.comp.security.bugtraq</link>
  </textinput>
</rdf:RDF>
