Feed aggregator

next-20140723: linux-next

Linux Kernel Updates - July 23, 2014 - 3:46am
Version: next-20140723 (linux-next) Released: 2014-07-23

[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information

BugTraq Latest Security Advisories - July 22, 2014 - 10:29am

Posted by security-alert on Jul 22

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04370307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04370307
Version: 1

HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized
Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

BugTraq Latest Security Advisories - July 22, 2014 - 10:20am

Posted by Vulnerability Lab on Jul 22

Document Title:
===============
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=890

Barracuda Networks Security ID (BNSEC): BNSEC-1176
https://www.barracuda.com/support/knowledgebase/501600000013gvh

Solution #00006521
BNSEC-01176: Authenticated non-persistent XSS in Barracuda Spam and Virus...

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080

BugTraq Latest Security Advisories - July 22, 2014 - 10:11am

Posted by audit1 on Jul 22

We discovered a vulnerability in the Symantec Endpoint Protection Manager web application.

Vulnerability Type: Login Bruteforce

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov () a2secure com
Sisco Barrera sbarrera () a2secure com
Andrea Bodei abodei () a2secure com

Products and affected versions:
SYMANTEC ENDPOINT PROTECTION MANAGER...

Cross-site Scripting in EventLog Analyzer 9.0 build #9000

BugTraq Latest Security Advisories - July 22, 2014 - 10:02am

Posted by audit1 on Jul 22

We discovered a vulnerability in the EventLog Analyzer web application.

Vulnerability Type: Cross-site Scripting

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov () a2secure com
Sisco Barrera sbarrera () a2secure com
Andrea Bodei abodei () a2secure com

Products and affected versions:
MANAGEENGINE EVENTLOG ANALYZER 9.0 build #9000

Company:...

[oCERT-2014-004] Ansible input sanitization errors

BugTraq Latest Security Advisories - July 22, 2014 - 9:52am

Posted by Andrea Barisani on Jul 22

#2014-004 Ansible input sanitization errors

Description:

The Ansible project is an open source configuration management platform.

The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control certain playbook variables.

The first vulnerability involves the escalation of a local permission access
level into arbitrary code execution. The code...

Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin

BugTraq Latest Security Advisories - July 22, 2014 - 9:41am

Posted by president on Jul 22

ISACA Ireland is seeking innovative session proposals that will engage an audience of information security, assurance,
audit, privacy, governance, risk and compliance professionals. Speakers should offer real-world examples, “war
stories”, case studies, successes and failures, examples of actual tools and working papers used, and insights on
emerging issues. As a guideline the following is a list of suggested topics which is not intended to...

[SECURITY] [DSA 2983-1] drupal7 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:29am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Multiple...

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:21am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 10:09am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 9:59am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

BugTraq Latest Security Advisories - July 21, 2014 - 9:51am

Posted by Jordan Sissel on Jul 21

Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...

[SECURITY] [DSA 2981-1] polarssl security update

BugTraq Latest Security Advisories - July 21, 2014 - 9:41am

Posted by Salvatore Bonaccorso on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

BugTraq Latest Security Advisories - July 21, 2014 - 9:32am

Posted by i amroot on Jul 21

Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...