Rsync remote attack-CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

 

Timeline

January 5, 2015 MITRE reserved CVE
February 12, 2015 NVD published advisory

Authority references

Vendor & other references

WordPress theme directory traversal

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

 

 

Timeline

February 11, 2015 NVD published advisory

Authority references

Exploits

 

WordPress plug-in arbitrary code execution

Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.

 

Microsoft Internet Explorer arbitrary code execution-CVE-2015-0072

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka “Universal XSS (UXSS).”

 

 

 

Xen denial of service-CVE-2015-1563

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

Affected products

  • Xen 4.0.0
  • Xen 4.0.1
  • Xen 4.0.2
  • Xen 4.0.3
  • Xen 4.0.4
  • Xen 4.1.0
  • Xen 4.1.1
  • Xen 4.1.2
  • Xen 4.1.3
  • Xen 4.1.4
  • Xen 4.1.5
  • Xen 4.1.6.1
  • Xen 4.2.0
  • Xen 4.2.1
  • Xen 4.2.2
  • Xen 4.2.3
  • Xen 4.3.1
  • Xen 4.4.0
  • Xen 4.4.0 release candidate 1
  • Xen Xen 4.3.0

Authority references

Vendor & other references

Forum references

 

CVE-2014-0227 – Apache Tomcat – Request Smuggling

CVE-2014-0227 Request Smuggling

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.41

Description:
It was possible to craft a malformed chunk as part of a chucked request
that caused Tomcat to read part of the request body as a new request.

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.43 or later
  (6.0.42 contains the fix but was not released)

Credit:
This issue was identified by the Tomcat security team.

References:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html

Authority references

Forum references

 

Linux Kernel memory use risk – CVE-2014-5332

Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.

Weakness classification

  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

Timeline

August 18, 2014 MITRE reserved CVE
February 6, 2015 NVD published advisory

Affected products

  • Linux Kernel 3.10

Authority references

Vendor & other references

 

FREE Backup space & FREE setup fee – Limited time for new signups!


* Current specials:
– We’re offering FREE 20GB off-site backup space with all of our server management plans for a limited time, for new signups.- We’re offering FREE SETUP and FREE 2nd month for transferring your server management services to us!

For more information, Please contact us at sales@attacker.net

GHOST: glibc vulnerability (CVE-2015-0235)

Background Information

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

A list of affected Linux distros

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Resolution

Update the glibc and nscd packages on your system using:

Fix for Centos/RHEL/Fedora 5,6,7:

  •  yum update glibc
  • Restart ALL running services or reboot the server as an alternative.

Fix for Ubuntu:

  • sudo apt-get clean
  • sudo apt-get update
  • sudo reboot