Security News

Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

Full Disclosure - 27 November, 2019 - 02:44

Posted by SEC Consult Vulnerability Lab on Nov 26

Hi,

we received incorrect version information during the coordination phase; thus our initial advisory stated that FortiOS
v6.0.7 fixes the issue. Fortinet has just now confirmed that only v6.2.0 includes the patch. See their advisory:
https://fortiguard.com/psirt/FG-IR-18-100

SEC Consult Vulnerability Lab

CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable

Full Disclosure - 26 November, 2019 - 13:27

Posted by Marcin Kozlowski on Nov 26

Hi list,

CVE-2019-11932 is a vulnerability in the android-gif-drawable library. Yet
the CVE text doesn't mention "android-gif-drawable". It only mentions
WhatsApp. There could be over 28,400 free Android apps that use this
library.

And it seems that quite a few (24) of those 28k+ apps other than WhatsApp
that use android-gif-drawable have install bases just as large as the
WhatsApp install base (1 billion+, per Google Play).

In...

Vulnerability in MiBox3

Full Disclosure - 26 November, 2019 - 13:26

Posted by Bug Reporter on Nov 26

Hi,

I would like to report a security vulnerability in Xiaomi Mi Box (model: MIBOX3, build.id : MHC19).

The vulnerability allows rescaling and corrupting the display without any privilege requirement, thus creating an
opportunity for a non-privileged malicious app to disable the basic functionalities that the TV box is offering, or it can
even be used for ransomware purposes - e.g., each time a target streaming app is launched, the malicious app...

pari/gp on debian stable allow arbitrary file write

Full Disclosure - 26 November, 2019 - 13:25

Posted by Georgi Guninski on Nov 26

pari/gp on debian stable allow arbitrary file write

pari/gp is a CAS (computer algebra system).
pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster
allow arbitrary file write and hence arbitrary code execution.

poc:
========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========

Of mathematical interest is pari was missing solutions
to Thue...

Anhui Huami Mi Fit Android Application - Unencrypted Update Check

Full Disclosure - 26 November, 2019 - 13:23

Posted by David Coomber on Nov 26

Anhui Huami Mi Fit Android Application - Unencrypted Update Check

[CFP] Security BSides Ljubljana 0x7E4 | April 4, 2020

Full Disclosure - 26 November, 2019 - 13:22

Posted by Andraz Sraka on Nov 26


Anhui Huami Mi Fit Android Application - Unencrypted Update Check

Bug Traq - 26 November, 2019 - 10:02

Posted by David Coomber on Nov 26

Anhui Huami Mi Fit Android Application - Unencrypted Update Check

pari/gp on debian stable allow arbitrary file write

Bug Traq - 26 November, 2019 - 05:56

Posted by Georgi Guninski on Nov 26

pari/gp on debian stable allow arbitrary file write

pari/gp is a CAS (computer algebra system).
pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster
allow arbitrary file write and hence arbitrary code execution.

poc:
========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========

Of mathematical interest is pari was missing solutions
to Thue...

[SECURITY] [DSA 4576-1] php-imagick security update

Bug Traq - 26 November, 2019 - 03:07

Posted by Salvatore Bonaccorso on Nov 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-4576-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 25, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php-imagick
CVE ID : CVE-2019-11037
Debian Bug...

SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

Bug Traq - 25 November, 2019 - 09:18

Posted by SEC Consult Vulnerability Lab on Nov 25

SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
=======================================================================
title: FortiGuard XOR Encryption
product: Multiple Fortinet Products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: Multiple (see Solution)
CVE number: CVE-2018-9195
impact: High...

SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

Full Disclosure - 25 November, 2019 - 08:43

Posted by SEC Consult Vulnerability Lab on Nov 25

SEC Consult Vulnerability Lab Security Advisory < 20191125-0 >
=======================================================================
title: FortiGuard XOR Encryption
product: Multiple Fortinet Products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: Multiple (see Solution)
CVE number: CVE-2018-9195
impact: High...

[SECURITY] [DSA 4571-2] enigmail update

Bug Traq - 25 November, 2019 - 03:33

Posted by Moritz Muehlenhoff on Nov 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4571-2 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : enigmail

DSA 4571-1 updated Thunderbird to the 68.x...

[SECURITY] [DSA 4575-1] chromium security update

Bug Traq - 25 November, 2019 - 03:30

Posted by Michael Gilbert on Nov 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-4575-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
November 24, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2019-13723 CVE-2019-13724...

AST-2019-007: AMI user could execute system commands.

Bug Traq - 22 November, 2019 - 05:18

Posted by Asterisk Security Team on Nov 22

Asterisk Project Security Advisory - AST-2019-007

Product Asterisk
Summary AMI user could execute system commands.
Nature of Advisory Remote Code Execution
Susceptibility Remote Authenticated Sessions
Severity Minor...

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.

Bug Traq - 22 November, 2019 - 05:14

Posted by Asterisk Security Team on Nov 22

Asterisk Project Security Advisory -

Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor...

AST-2019-006: SIP request can change address of a SIP peer.

Bug Traq - 22 November, 2019 - 05:10

Posted by Asterisk Security Team on Nov 22

Asterisk Project Security Advisory - AST-2019-006

Product Asterisk
Summary SIP request can change address of a SIP peer.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...