Security News

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

Bug Traq - 17 June, 2016 - 14:45

Posted by Berend-Jan Wever on Jun 17

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-0199]: a memory
corruption bug in the garbage collector of the JavaScript engine used in
Internet Explorer 11. By exploiting this vulnerability, a...

Bugtraq: [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player

Security Focus Vulnerabilities - 17 June, 2016 - 14:45

Re: "When you shoot at the king, you best not miss." (Allen)

Daily Dave - 17 June, 2016 - 12:53

Posted by Jeffrey Carr on Jun 17

I agree entirely, Allen. The market incentives are huge for a company to
discover and report an attack attributed to a nation state, the bar for
evidence is negligible, and there's really no way to disprove a claim. Even
when someone involved in the attack pops up and says I did it, here's
proof, and you're an idiot, that becomes a "disinformation operation" and
again, there's no way to disprove that.

Jeff

Re: "When you shoot at the king, you best not miss."

Daily Dave - 17 June, 2016 - 12:44

Posted by Paul Melson on Jun 17

Two thoughts on this mess:

1. It is exceptionally rare for a breach response investigation to find
just one actor. This is a big part of why attribution is hard.
Investigators get bits and pieces of artifacts from multiple actors,
sometimes with timelines measured in years. (CrowdStrike's own reporting
suggests this is the case at DNC, the question is only to what degree.)
Putting them together in any sort of conclusive narrative is...

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

Bug Traq - 17 June, 2016 - 11:57

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability...

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability

Bug Traq - 17 June, 2016 - 11:49

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet – XXE vulnerability

Advisory...

Bugtraq: User enumeration in Skype for Business 2013

Security Focus Vulnerabilities - 17 June, 2016 - 11:45

Bugtraq: [FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense

Security Focus Vulnerabilities - 17 June, 2016 - 11:45

Bugtraq: [SECURITY] [DSA 3604-1] drupal7 security update

Security Focus Vulnerabilities - 17 June, 2016 - 11:45

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability

Bug Traq - 17 June, 2016 - 11:41

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester – XSS vulnerability

Advisory...

Re: "When you shoot at the king, you best not miss."

Daily Dave - 17 June, 2016 - 09:36

Posted by Allen on Jun 17

| It's entirely possible that this is a disinformation campaign, or that
| attribution is hard, and Crowdstrike made a mistake

I'm inclined to believe that while attribution may be hard there are
entirely too many market incentives to brand any given attack with one of
the nation state animal totems.

The fact that attribution is frequently derived from prior intelligence
blended with the fact that all of the source data is...

Re: "When you shoot at the king, you best not miss."

Daily Dave - 17 June, 2016 - 09:28

Posted by Thomas Quinlan on Jun 17

When negotiating with the king, you might want to fire at his head and miss just to remind him that you have a gun that
you can use later if you want.

Some emails will be released eventually, as Wikileaks is likely to do it when the time is right anyway, but this way
Russia can say that they had them even before that and/or claim that they have more than what Wikileaks publishes.

They don't actually have to release the contents. They...

Re: "When you shoot at the king, you best not miss."

Daily Dave - 17 June, 2016 - 09:19

Posted by Mara Tam on Jun 17

Leaving aside problems with assuming that this is definitely state-sponsored, it is worth reading through the
Information Security Doctrine of the Russian Federation.[1] N.B. This has been in place since 2000, and is due to be
updated shortly.

This Diplomaatia piece surveys the substance of likely changes as well as the motivations driving them.[2] There have
been interim updates of sorts in changes to the military doctrine from 2010,[3] and...

Bugtraq: [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information

Security Focus Vulnerabilities - 17 June, 2016 - 01:35

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player

Bug Traq - 17 June, 2016 - 01:09

Posted by Stefan Kanthak on Jun 16

Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their "application directory" instead
of Windows' "system directory" %SystemRoot%\System32\.

On Windows 7 and before they also (try to) load PCACli.dll and
API-MS-Win-Downlevel-Shell32-l1-1-0.dll from the...

[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense

Bug Traq - 17 June, 2016 - 00:10

Posted by Remco Sprooten on Jun 16

I. VULNERABILITY
-------------------------
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
Version 2.3.1-RELEASE-p1

II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system, with a custom kernel and an array of third-party
free software packages that can be installed for additional functionality.
Through this package system pfSense software is able...

User enumeration in Skype for Business 2013

Bug Traq - 16 June, 2016 - 23:59

Posted by nyxgeek on Jun 16

# Exploit Title: Skype for Business 2013 user enumeration timing attack
# Date: 2016-06-08
# Exploit Author: nyxgeek
# Vendor Homepage: https://www.microsoft.com
# Version: Skype for Business 2013
#
#
# Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration
#
# When Skype/Lync is exposed externally, a login page will be located at https://dialin.domain.com.
#
# In the attack, a short response time indicates...

[SECURITY] [DSA 3604-1] drupal7 security update

Bug Traq - 16 June, 2016 - 23:50

Posted by Moritz Muehlenhoff on Jun 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3604-1                   security () debian org
https://www.debian.org/security/                          Moritz Muehlenhoff
June 16, 2016                            https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

A privilege...

Bugtraq: [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities

Security Focus Vulnerabilities - 16 June, 2016 - 23:15

Bugtraq: Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)

Security Focus Vulnerabilities - 16 June, 2016 - 23:15