Security News

Re: Scope of Debian's /home/loser is with permissions 755, default umask 002

Full Disclosure - 15 November, 2020 - 13:07

Posted by bo0od on Nov 15

I see this is fixed in Whonix/Kicksecure, which are like hardened
Debian: one for anonymity (Whonix), and one for clearnet (KickSecure). I
doubt any distro fixed/hardened that.

Maybe this is interesting:
https://www.whonix.org/wiki/Dev/Strong_Linux_User_Account_Isolation

Georgi Guninski:

Scope of Debian's /home/loser is with permissions 755, default umask 002

Full Disclosure - 12 November, 2020 - 21:24

Posted by Georgi Guninski on Nov 12

On Debian, /home/loser has permissions 755 and the default umask is 0022

(If you don't understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks a lot.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot...

Avian JVM FileOutputStream.write() Integer Overflow

Full Disclosure - 12 November, 2020 - 21:24

Posted by Pietro Oliva via Fulldisclosure on Nov 12

Vulnerability title: Avian JVM FileOutputStream.write() Integer Overflow
Author: Pietro Oliva
Vendor: ReadyTalk
Product: Avian JVM
Affected version: 1.2.0 before 27th October 2020
Fixed Version: 1.2.0 since 27th October 2020

Description:
The issue is located in the FileOutputStream.write() method defined in
FileOutputStream.java, where a boundary check is performed in order to prevent
out-of-bounds memory read/write. However, this check...

[No cON Name] #ncn2k20 CFP online - Barcelona

Full Disclosure - 10 November, 2020 - 13:02

Posted by José Nicolás Castellano on Nov 10

No cON Name 2020 - Online Edition

Call For Papers https://www.noconname.org/call-for-papers/

    * INTRODUCTION
The organization has opened CFP proposals. Our goal is to get highly
qualified requests for both speaker opportunities and workshops, to show
in one of the most respected hacker conferences in Barcelona and Spain, NcN
(No cON Name). We will celebrate, as in the last edition, 2 tracks:

    * Privacy and net...

NtFileSins v2.2 / Windows NTFS Privileged File Access Enumeration Tool (Python v3)

Full Disclosure - 10 November, 2020 - 13:01

Posted by hyp3rlinx on Nov 10

from subprocess import Popen, PIPE
import sys,argparse,re

#MIT License
#Copyright (c) 2020 John Page (aka hyp3rlinx)
#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of...

secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication

Full Disclosure - 6 November, 2020 - 13:12

Posted by Tobias Glemser on Nov 06

secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication

Affected Products
OvulaRing Webapp Version 4.2.2 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2020-01.txt
https://owasp.org/www-project-api-security/ API1:2019 Broken Object Level Authorization

Summary:
"OvulaRing is an easy and accurate way to find out about your cycle health and...

Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP

Full Disclosure - 6 November, 2020 - 13:10

Posted by Sandro Gauci on Nov 06

# Asterisk crash due to INVITE flood over TCP

- Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash
- Asterisk Security Advisory: https://downloads.asterisk.org/pub/security/AST-2020-001.html
- Tested vulnerable versions: 17.5.1, 17.6.0
- Timeline:
- Report date: 2020-08-31
- Triaged: 2020-09-01
- Fix provided...

APPLE-SA-2020-11-05-7 tvOS 14.2

Full Disclosure - 6 November, 2020 - 13:10

Posted by Apple Product Security via Fulldisclosure on Nov 06

APPLE-SA-2020-11-05-7 tvOS 14.2

tvOS 14.2 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211930.

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei...

APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2

Full Disclosure - 6 November, 2020 - 13:10

Posted by Apple Product Security via Fulldisclosure on Nov 06

APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2

iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.

Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An...

APPLE-SA-2020-11-05-2 iOS 12.4.9

Full Disclosure - 6 November, 2020 - 13:10

Posted by Apple Product Security via Fulldisclosure on Nov 06

APPLE-SA-2020-11-05-2 iOS 12.4.9

iOS 12.4.9 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211940.

FaceTime
Available for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2
and 3, iPod touch (6th generation)
Impact: A user may send video in Group FaceTime calls without knowing
that they have done so
Description: A logic issue existed in the handling...

Etherify - bringing the ether back to ethernet

Full Disclosure - 6 November, 2020 - 13:10

Posted by Jacek Lipkowski on Nov 06

Hello

I've published a short description of how to transmit radio signals using the
ethernet interface, for example by changing the interface speed, or by
loading the interface with packets.

The implementation is deliberately very primitive (shell scripts, uses
native system tools). The data is transmitted via morse code, so that one
can judge the signal/noise ratio by ear, and decode by ear (which is much
better. an average human...

AST-2020-002: Outbound INVITE loop on challenge with different nonce.

Full Disclosure - 5 November, 2020 - 17:26

Posted by Asterisk Security Team on Nov 05

Asterisk Project Security Advisory – AST-2020-002

Product: Asterisk
Summary: Outbound INVITE loop on challenge with different nonce.
Nature of Advisory: Denial of Service
Susceptibility: Remote Authenticated Sessions...

AST-2020-001: Remote crash in res_pjsip_session

Full Disclosure - 5 November, 2020 - 17:26

Posted by Asterisk Security Team on Nov 05

Asterisk Project Security Advisory - AST-2020-001

Product: Asterisk
Summary: Remote crash in res_pjsip_session
Nature of Advisory: Denial of service
Susceptibility: Remote authenticated sessions
Severity: Moderate...

Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn

Full Disclosure - 5 November, 2020 - 14:39

Posted by Dawid Golunski on Nov 05

/*
Go PoC exploit for git-lfs - Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go

Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io

Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken /
SmartGit / SourceTree etc.
Basically the whole Windows dev world which uses git.

Usage:
Compile: go build...

SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)

Full Disclosure - 4 November, 2020 - 12:09

Posted by SEC Consult Vulnerability Lab on Nov 04

SEC Consult Vulnerability Lab Security Advisory < 20201104-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
vulnerable version: < 9.1.0 Critical Patch Build 2025
fixed version: 9.1.0 Critical Patch - Build 2025
CVE number: CVE-2020-27016, CVE-2020-27017,...

Chrome heap buffer overflow in freetype2 CVE-2020-15999

Full Disclosure - 30 October, 2020 - 11:42

Posted by Marcin Kozlowski on Oct 30

Hi list,

Debugged this issue, but somehow cannot trigger the crash in Chrome.

Seems like the font is loaded without correct flags or it was a different
font I saw in the debugger :)

Anybody had success with this bug? Feel free to reply here or DM.

My notes:

https://github.com/marcinguy/CVE-2020-15999

Thanks,

Deana Shick on INFILTRATE ONLINE

Daily Dave - 30 October, 2020 - 08:48

Posted by Dave Aitel via Dailydave on Oct 30

Happy Friday! For those of you who enjoy laughing at my video editing job
or want to learn about how big companies do vulnerability management "at
scale" or what the alternatives are to CVSS, we've recently published a new
fifteen minute video: https://vimeo.com/473562240 .

-dave

[CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing

Full Disclosure - 27 October, 2020 - 12:49

Posted by Julien Ahrens (RCE Security) on Oct 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204

2....

CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal

Full Disclosure - 23 October, 2020 - 12:49

Posted by Kevin R on Oct 23

files through a TFTP GET request

Use CVE-2020-24990.