BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Re: WordPress 3.5.1, Denial of Service

June 13, 2013 - 2:28pm

Posted by Henri Salo on Jun 13

Please use CVE-2013-2173 for this issue.

---
Henri Salo

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine

June 13, 2013 - 2:14pm

Posted by LSE Leading Security Experts GmbH (Security Advisories) on Jun 13

=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
-------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira...

[ MDVSA-2013:173 ] subversion

June 13, 2013 - 1:58pm

Posted by security on Jun 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:173
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : June 13, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

[SECURITY] [DSA 2707-1] dbus security update

June 13, 2013 - 1:50pm

Posted by Yves-Alexis Perez on Jun 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-2707-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
June 13, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dbus
Vulnerability : denial of service
Problem type :...

Slideware of recent presentations about IPv6 security

June 13, 2013 - 1:36pm

Posted by Fernando Gont on Jun 13

Folks,

FYI, the slideware of two recent presentations is available online:

* "Security Assessment of IPv6 Networks and Firewalls", presented at the
German IPv6 Kongress (http://www.ipv6-kongress.de/) in Frankfurt/Main,
June 6-7, 2013.

Slideware available at:
<http://www.si6networks.com/presentations/ipv6kongress/mhfg-ipv6-kongress-ipv6-security-assessment.pdf>

We did this talk together with Marc Heuse. First time we presented...

[ MDVSA-2013:172 ] wireshark

June 12, 2013 - 10:53am

Posted by security on Jun 12

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:172
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : June 12, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

SQL Injection in Dolphin

June 12, 2013 - 10:42am

Posted by advisory on Jun 12

Advisory ID: HTB23157
Product: Dolphin
Vendor: BoonEx
Vulnerable Version(s): 7.1.2 and probably prior
Tested Version: 7.1.2
Vendor Notification: May 22, 2013
Vendor Patch: May 29, 2013
Public Disclosure: June 12, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-3638
Risk Level: Medium
CVSSv2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security...

Re: WordPress 3.5.1, Denial of Service

June 12, 2013 - 10:22am

Posted by Solar Designer on Jun 12

Hi guys,

I'll over-quote a little, then comment below:

[...]

[...]

Web apps (like WordPress) were indeed not supposed to expose the ability
for untrusted users to specify arbitrary "setting" strings (which
include the configurable cost). I am unfamiliar with WordPress, so I
don't know why they do it here - is this instance of their use of phpass
perhaps meant to achieve similar goals that tripcodes do? If so, yes,
they...

CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service

June 12, 2013 - 10:07am

Posted by CORE Security Technologies Advisories on Jun 12

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com

Buffer overflow in Ubiquiti airCam RTSP service

1. *Advisory Information*

Title: Buffer overflow in Ubiquiti airCam RTSP service
Advisory ID: CORE-2013-0430
Advisory URL:
http://www.coresecurity.com/advisories/buffer-overflow-ubiquiti-aircam-rtsp-service
Date published: 2013-06-11
Date of last update: 2013-06-11
Vendors contacted: Ubiquiti
Release mode: Coordinated release

2....

[security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information

June 12, 2013 - 9:12am

Posted by security-alert on Jun 12

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03784101

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03784101
Version: 1

HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site
Scripting (XSS) and Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Re: WordPress 3.5.1, Denial of Service

June 11, 2013 - 4:41pm

Posted by Peter Bex on Jun 11

Hi,

This phpass.php isn't hand-rolled like you stated in your blog post; it's
a copy of a public domain crypt()-workalike: http://www.openwall.com/phpass/
There are several other systems which implement their password hashing
using this library.

Having said that, being able to control the setting looks like a mistake on
the part of Wordpress, so I'm not sure the bug is in phpass, strictly
speaking. However, have you considered...

t2'13: Call for Papers 2013 (Helsinki / Finland)

June 11, 2013 - 4:28pm

Posted by Tomi Tuominen on Jun 11

# t2'13 - Call For Papers #
Helsinki, Finland
October 24 - 25, 2013

We are pleased to announce the annual t2'13 infosec conference, which
will take place in Helsinki, Finland, from October 24 to 25, 2013.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

[security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access

June 11, 2013 - 4:11pm

Posted by security-alert on Jun 11

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03787836

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03787836
Version: 1

HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using
Single-Sign-On (SSO), Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation

June 11, 2013 - 3:57pm

Posted by James Joshi on Jun 11

CALL FOR PAPERS

IEEE SafeConfig 2013
--------------------
6th Symposium on Security Analytics and Automation (www.safeconfig.org)

(collocated with IEEE Conference on Communications and Network Security)

Washington, D.C., USA
October 14, 2013

Sponsors: IEEE (COMSOC).

Important Dates

Abstract Registration Deadline: June 25
Manuscript Submission: July 1, 2013
Review Notification: August 7, 2013
Camera Ready: August 15, 2012
Conference Dates:...

[slackware-security] php (SSA:2013-161-01)

June 11, 2013 - 3:41pm

Posted by Slackware Security Team on Jun 11

[slackware-security] php (SSA:2013-161-01)

New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/php-5.4.16-i486-1_slack14.0.txz: Upgraded.
This is a bugfix release. It also fixes a security issue -- a heap-based
overflow in the quoted_printable_encode() function, which...

[SECURITY] [DSA 2706-1] chromium-browser security update

June 11, 2013 - 3:26pm

Posted by Giuseppe Iuculano on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-2706-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
June 10, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
Vulnerability : several
Problem type :...

[SECURITY] [DSA 2705-1] pymongo security update

June 11, 2013 - 3:13pm

Posted by Giuseppe Iuculano on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-2705-1 security () debian org
http://www.debian.org/security/ Giuseppe Iuculano
June 10, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pymongo
Vulnerability : denial of service
Problem type :...

CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C

June 11, 2013 - 2:56pm

Posted by Anthony Dubuissez on Jun 11

=============================================
WEBERA ALERT ADVISORY 01

- Discovered by: Anthony Dubuissez
- Severity: high
- CVE Request - 03/06/2013
- CVE Assign - 03/06/2013
- CVE Number - CVE-2013-3739
- Vendor notification - 03/06/2013
- Vendor reply - No reply
- Public disclosure - 10/06/2013

=============================================
I. VULNERABILITY -------------------------
Local File Inclusion in Weathermap <= 0.97C

II....

[SECURITY] [DSA 2704-1] mesa security update

June 11, 2013 - 2:47pm

Posted by Raphael Geissert on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-2704-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
June 09, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mesa
Vulnerability : out of bounds access
Problem type :...

[SECURITY] [DSA 2703-1] subversion security update

June 11, 2013 - 2:30pm

Posted by Salvatore Bonaccorso on Jun 11

-------------------------------------------------------------------------
Debian Security Advisory DSA-2703-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : subversion
Vulnerability : several
Problem type : remote...