Posts Tagged ‘security vulnerability’
Tuesday, November 19, 2013 @ 05:11 PM gHale
VMware released updates for VMware Workstation and VMware Player that fix a security vulnerability that attackers could use for host privilege escalation on Linux-based devices.
VMware Workstation for Linux 9.x prior to version 9.0.3 and VMware Player for Linux 5.x prior to version 5.0.3 suffer from the issue, according to the advisory published by the company. Fusion, ESX and ESXi do not have the problem.
The issue (CVE-2013-5972), which results from the way shared libraries are handled, could allow a local attacker to escalate his privileges to root.
“The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa,” VMware said.
Workstation and Player customers should update their installations to versions 9.0.3 and 5.0.3, respectively, as soon as possible.
Wednesday, June 5, 2013 @ 03:06 PM gHale
Google issued a security update for its Chrome browser and Chrome Frame platform.
The update fixes one security vulnerability rated as critical, nine rated as high and one rated as medium. There was also a rollup set of fixes, included as a high severity flaw, that contained bugs found through auditing, fuzzing and other in-house security processes.
The critical hole, memory corruption in SSL socket handling, and one of the high rated holes, didn’t result in any bounty paid, but the remaining eight high and medium severity holes saw nearly $10,000 paid out.
One high severity flaw, a use-after-free problem with workers accessing database APIs, earned $1,337, an amount that typically marks an interesting problem, but this was not the largest bounty paid. That went to a Windows-only problem where bad handles were passed to the renderer, which earned the discoverer, Colin Payne, $2,000.
Existing installations of Chrome on Windows, Mac OS X and Linux should update automatically. Other users can download the browser or the Chrome Frame IE plug-in from Google.
Wednesday, June 5, 2013 @ 03:06 PM gHale
There is a security vulnerability in Windows that any user on the system can exploit to obtain administrator privileges, a security researcher said.
Rather than reporting the vulnerability to Microsoft, Google security expert Tavis Ormandy posted details to the Full Disclosure security mailing list in mid-May and has now published an exploit to the same mailing list.
With this latest vulnerability, Ormandy decided to issue the information on the Full Disclosure list. After discovering a bug in the Windows kernel’s EPATHOBJ::pprFlattenRec function, he wrote to the list: “I don’t have much free time to work on silly Microsoft code” and solicited ideas on how to successfully exploit the bug. With the help of user progmboy, Ormandy then developed a privilege escalation exploit which he shared with the mailing list, noting that another exploit was already in circulation.
Researchers at heise Security were able to use the exploit to reproduce the problem. If the file opens, it can launch a command line that can run arbitrary commands with system privileges, regardless of the user’s own privileges – even a guest account works.
With the full notice, Microsoft will now have to plug the vulnerability as rapidly as possible, particularly given that black hats also now have access to the exploit code. A virus could utilize the exploit to shut down anti-virus software without a UAC prompt or to insert a rootkit deep into the system.
Microsoft said it was looking into the problem and would “take appropriate measures” to protect its customers. It was not able to say when it would be able to close off the vulnerability or how users could protect themselves from privilege escalation.
Monday, March 11, 2013 @ 10:03 PM gHale
Some printers manufactured by Hewlett-Packard, including 10 of its LaserJet Professional printers, have a security vulnerability that could allow an attacker to remotely access data, according to the Computer Emergency Response Team (CERT).
The problem stems from a telnet debug shell glitch that can allow an unauthenticated user to connect to the printer and in turn, glean data, according to CERT. HP’s Software Security Response Team wrote about the problem in a security bulletin last week.
HP’s following LaserJet Pro printers are vulnerable: P1102w, P1606dn, M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, M1218nfs, M1219nf and CP1025nw, according to the bulletin.
German security researcher Christoph von Wittich with Hentschke Bau GmbH discovered the flaw.
HP is advising affected customers to download updated firmware for printers impacted by the bug from the company’s Support Center site. The company is also encouraging those still concerned with the vulnerability to email firstname.lastname@example.org for further guidance.
Printers have had a handful of security vulnerabilities of late, along with other Internet-enabled devices over the last few years.
Friday, October 12, 2012 @ 06:10 PM gHale
Mozilla temporarily removed Firefox 16 from the current installer page after it found a security vulnerability in the new version of its browser.
The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters, said Michael Coates, director of security assurance at Mozilla.
Mozilla does not, however, have any information that the vulnerability is currently being exploited, he said. It is working on a fix and plans to ship updates.
Users will automatically upgrade to the new version as soon as it becomes available, Coates said.
Firefox version 15 remains unaffected, and as a precaution users can downgrade to version 15.0.1. Or they can wait until Mozilla’s patches come out and are automatically applied to address the vulnerability, Coates said.
The newly released version of the browser addressed a number of security vulnerabilities, including some considered critical.
Firefox had a 20.08 percent share of desktop browsers in September, compared to 53.63 percent share for Internet Explorer and 18.86 percent for Chrome, according to Web measurement company Net Applications.
Tuesday, September 18, 2012 @ 10:09 AM gHale
The free DNS server BIND, which the Internet Systems Consortium (ISC) maintains, contains a security vulnerability that allows attackers to crash it using specially crafted data records, according to the Austrian national CERT.
The ISC said resource records with RDATA fields that exceed 65535 bytes cause the domain name server to crash the next time the record is queried.
The following versions of BIND suffer from the issue:
• BIND 9.0.x to 9.6.x
• BIND 9.4-ESV to 9.4-ESV-R5-P1
• BIND 9.6-ESV to 9.6-ESV-R7-P2
• BIND 9.7.0 to 9.7.6-P2
• BIND 9.8.0 to 9.8.3-P2
• BIND 9.9.0 to 9.9.1-P2
ISC recommends users upgrade to one of the current versions – 9.7.7, 9.7.6-P3, 9.6-ESV-R8, 9.6-ESV-R7-P3, 9.8.4, 9.8.3-P3, 9.9.2 or 9.9.1-P3 – as soon as possible.
The Austrian national CERT said sealing off a server from the outside is not sufficient to protect it against an attack. Apparently, an email could trigger a name server query, causing the server to load the specially crafted record. That the query appears to come “from the inside” offers no protection in this case.
It remains unclear whether the flaw can only trigger server crashes or whether it can also be used to inject malicious software.
Friday, April 13, 2012 @ 04:04 PM gHale
A new release of NVIDIA’s proprietary UNIX graphics drivers for Linux, Solaris and FreeBSD fixes a security vulnerability that allowed attackers to read and write arbitrary system memory in order to obtain root privileges.
To take advantage of the vulnerability, an attacker must have access permission for some device files, which for systems with these drivers is typically the case for users who can launch a graphical interface such as 3D acceleration.
Version 295.40 of the driver corrects this problem; for older drivers whose version numbers start with 195, 256 to 285, or 290 to 295, NVIDIA made patches available that change the vulnerable part of the kernel module belonging to the driver. Users who update the driver with this patch and use the CUDA debugger will also need to update the CUDA library before the debugger can work again.
NVIDIA has categorized the security hole as “high risk” and recommends users update to the new version if they use the drivers with GeForce 8, G80 Quadro graphics cards, or newer models from those lines. The company has not confirmed whether the problem also exists for older graphics card models or legacy drivers (such as the 173 line).