Security News

Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag

Full Disclosure - 14 February, 2020 - 12:31

Posted by Marcin Kozlowski on Feb 14

OK, I think I got the condition

Below is Mobile (Android) Bluetooth subsystem log:

02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter: reassemble_and_dispatch reassemble_and_dispatch
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter: reassemble_and_dispatch partial_packet->offset 21 packet->len 683 HCI_ACL_PREAMBLE_SIZE 4
02-12 22:33:26.928 2416 2461 W bt_hci_packet_fragmenter: reassemble_and_dispatch projected_offset...

CA20200205-01: Security Notice for CA Unified Infrastructure Management

Full Disclosure - 14 February, 2020 - 12:31

Posted by Ken Williams via Fulldisclosure on Feb 14

CA20200205-01: Security Notice for CA Unified Infrastructure Management

Issued: February 5th, 2020
Last Updated: February 14th, 2020

CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM).
Multiple vulnerabilities exist that can allow an unauthenticated remote
attacker to execute arbitrary code or commands, read from or write to
systems, or conduct denial of...

CVE-2019-18915 HP System Event Utility / Privilege Escalation Vulnerability

Full Disclosure - 14 February, 2020 - 12:31

Posted by hyp3rlinx on Feb 14

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/HP-SYSTEM-EVENT-UTILITY-LOCAL-PRIVILEGE-ESCALATION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.hp.com

[Product]
HP System Event Utility

The genuine HPMSGSVC.exe file is a software component of HP System Event
Utility by HP Inc.
HP System Event Utility enables the functioning of special...

[TZO-13-2020] - AVIRA Generic AV Bypass (ZIP GPFLAG)

Bug Traq - 14 February, 2020 - 07:04

Posted by Thierry Zoller on Feb 14


[TZO-11-2020] - ESET Generic Malformed Archive Bypass (BZ2 Checksum)

Bug Traq - 14 February, 2020 - 07:03

Posted by Thierry Zoller on Feb 14


[EnumJavaLibs]_ Remote Java classpath enumerator

Bug Traq - 14 February, 2020 - 06:54

Posted by RedTimmy Security on Feb 14

Hi,
we have just released EnumJavaLibs to perform java classes enumeration against java services.

To discover a deserialization vulnerability is often easy. When source code is available, it comes down to finding
calls to readObject() and finding a way for user input to reach that function. In case we don’t have source code
available, we can spot serialized objects on the wire by looking for binary blobs or base64 encoded objects (recognized...

[SECURITY] [DSA 4623-1] postgresql-11 security update

Bug Traq - 14 February, 2020 - 06:50

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4623-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-11
CVE ID : CVE-2020-1720

Tom Lane...

[slackware-security] mozilla-firefox (SSA:2020-042-01)

Bug Traq - 14 February, 2020 - 06:50

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-firefox (SSA:2020-042-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-68.5.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 4622-1] postgresql-9.6 security update

Bug Traq - 14 February, 2020 - 06:46

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4622-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.6
CVE ID : CVE-2020-1720

Tom Lane...

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

Bug Traq - 14 February, 2020 - 06:43

Posted by Slackware Security Team on Feb 14

[slackware-security] mozilla-thunderbird (SSA:2020-042-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-68.5.0-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Bugtraq: [SECURITY] [DSA 4269-1] postgresql-9.6 security update

Security Focus Vulnerabilities - 14 February, 2020 - 06:40

Bugtraq: [SECURITY] [DSA 4268-1] openjdk-8 security update

Security Focus Vulnerabilities - 14 February, 2020 - 06:40

Bugtraq: [SECURITY] [DSA 4267-1] kamailio security update

Security Focus Vulnerabilities - 14 February, 2020 - 06:40

Bugtraq: [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2

Security Focus Vulnerabilities - 14 February, 2020 - 06:40

[KIS-2020-05] SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities

Full Disclosure - 12 February, 2020 - 14:05

Posted by Egidio Romano on Feb 12

----------------------------------------------------------
SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
----------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.10 and prior versions.

[-] Vulnerabilities Description:

1) The vulnerability is located within the SOAP API, specifically into
the set_entries() SOAP
function. User input passed through...

[KIS-2020-04] SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability

Full Disclosure - 12 February, 2020 - 14:04

Posted by Egidio Romano on Feb 12

------------------------------------------------------------------------------
SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control
Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerability Description:

There is a Local File Inclusion vulnerability within the...

[KIS-2020-03] SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation Vulnerability

Full Disclosure - 12 February, 2020 - 14:03

Posted by Egidio Romano on Feb 12

--------------------------------------------------------------------------
SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation
Vulnerability
--------------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerability Description:

The vulnerability exists because the...

[KIS-2020-02] SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities

Full Disclosure - 12 February, 2020 - 14:02

Posted by Egidio Romano on Feb 12

-----------------------------------------------------------------
SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities
-----------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the "backup_dir" parameter when handling
the "Backups"...

[KIS-2020-01] SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities

Full Disclosure - 12 February, 2020 - 14:02

Posted by Egidio Romano on Feb 12

---------------------------------------------------------------------
SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities
---------------------------------------------------------------------

[-] Software Link:

https://suitecrm.com/

[-] Affected Versions:

Version 7.11.11 and prior versions.

[-] Vulnerabilities Description:

1) The vulnerability exists because the...

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag

Full Disclosure - 11 February, 2020 - 18:02

Posted by Marcin Kozlowski on Feb 11

Hi all,

You can read more here, if you didn't hear about it:

https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/

Looking at the patch, when I understood it correctly, it seems all you need
is to send fragmented GAP ACL L2CAP data over HCI:

https://android.googlesource.com/platform/system/bt/+/3cb7149d8fed2d7d77ceaa95bf845224c4db3baf

Anybody can confirm/deny? Anybody had success on doing it?

Starting...