Security News
Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
Posted by Marcin Kozlowski on Feb 14
OK, I think I got it the conditionBelow is Mobile (Android) Bluetooth subsystem log:
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch reassemble_and_dispatch
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch partial_packet->offset 21 packet->len 683
HCI_ACL_PREAMBLE_SIZE 4
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter:
reassemble_and_dispatch projected_offset...
CA20200205-01: Security Notice for CA Unified Infrastructure Management
Posted by Ken Williams via Fulldisclosure on Feb 14
CA20200205-01: Security Notice for CA Unified Infrastructure ManagementIssued: February 5th, 2020
Last Updated: February 14th, 2020
CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM).
Multiple vulnerabilities exist that can allow an unauthenticated remote
attacker to execute arbitrary code or commands, read from or write to
systems, or conduct denial of...
CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability
Posted by hyp3rlinx on Feb 14
[+] Credits: John Page (aka hyp3rlinx)[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/HP-SYSTEM-EVENT-UTILITY-LOCAL-PRIVILEGE-ESCALATION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]
www.hp.com
[Product]
HP System Event Utility
The genuine HPMSGSVC.exe file is a software component of HP System Event
Utility by HP Inc.
HP System Event Utility enables the functioning of special...
[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)
Posted by Thierry Zoller on Feb 14
[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)
Posted by Thierry Zoller on Feb 14
[EnumJavaLibs]_ Remote Java classpath enumerator
Posted by RedTimmy Security on Feb 14
Hi,we have just released EnumJavaLibs to perform java classes enumeration against java services.
To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...
[SECURITY] [DSA 4623-1] postgresql-11 security update
Posted by Moritz Muehlenhoff on Feb 14
-------------------------------------------------------------------------Debian Security Advisory DSA-4623-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : postgresql-11
CVE ID : CVE-2020-1720
Tom Lane...
[slackware-security] mozilla-firefox (SSA:2020-042-01)
Posted by Slackware Security Team on Feb 14
[slackware-security] mozilla-firefox (SSA:2020-042-01)New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[SECURITY] [DSA 4622-1] postgresql-9.6 security update
Posted by Moritz Muehlenhoff on Feb 14
-------------------------------------------------------------------------Debian Security Advisory DSA-4622-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : postgresql-9.6
CVE ID : CVE-2020-1720
Tom Lane...
[slackware-security] mozilla-thunderbird (SSA:2020-042-02)
Posted by Slackware Security Team on Feb 14
[slackware-security] mozilla-thunderbird (SSA:2020-042-02)New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update
[SECURITY] [DSA 4269-1] postgresql-9.6 security update
Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update
[SECURITY] [DSA 4268-1] openjdk-8 security update
Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update
[SECURITY] [DSA 4267-1] kamailio security update
Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
[KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
Posted by Egidio Romano on Feb 12
----------------------------------------------------------SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
----------------------------------------------------------
[-] Software Link:
https://suitecrm.com/
[-] Affected Versions:
Version 7.11.10 and prior versions.
[-] Vulnerabilities Description:
1) The vulnerability is located within the SOAP API, specifically into
the set_entries() SOAP
function. User input passed through...
[KIS-2020-04] SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability
Posted by Egidio Romano on Feb 12
------------------------------------------------------------------------------SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control
Vulnerability
------------------------------------------------------------------------------
[-] Software Link:
https://suitecrm.com/
[-] Affected Versions:
Version 7.11.11 and prior versions.
[-] Vulnerability Description:
There is a Local File Inclusion vulnerability within the...
[KIS-2020-03] SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation Vulnerability
Posted by Egidio Romano on Feb 12
--------------------------------------------------------------------------SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation
Vulnerability
--------------------------------------------------------------------------
[-] Software Link:
https://suitecrm.com/
[-] Affected Versions:
Version 7.11.11 and prior versions.
[-] Vulnerability Description:
The vulnerability exists because the...
[KIS-2020-02] SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities
Posted by Egidio Romano on Feb 12
-----------------------------------------------------------------SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities
-----------------------------------------------------------------
[-] Software Link:
https://suitecrm.com/
[-] Affected Versions:
Version 7.11.11 and prior versions.
[-] Vulnerabilities Description:
1) User input passed through the "backup_dir" parameter when handling
the "Backups"...
[KIS-2020-01] SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities
Posted by Egidio Romano on Feb 12
---------------------------------------------------------------------SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities
---------------------------------------------------------------------
[-] Software Link:
https://suitecrm.com/
[-] Affected Versions:
Version 7.11.11 and prior versions.
[-] Vulnerabilities Description:
1) The vulnerability exists because the...
Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
Posted by Marcin Kozlowski on Feb 11
Hi all,You can read more here, if you didn't hear about it:
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Looking at the patch, when I understood it correctly, it seems all you need
to send fragmented GAP ACL L2CAP data over HCI:
https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf
Anybody can confirm/deny? Anybody had success on doing it?
Starting...
