2927 matches found

Malwarebytes
Added 2017/06/20 3:56 p.m. | 21 views

A week in security (Jun 12 – Jun 18)

Last week was very busy for the Labs, with a look at so-called numeric tech support scams, a visit to the huge Infosec Europe conference, an exploration of Mac Malware as a Service, and a walk through the myths of online bullying. Elsewhere: A huge click-farm is busted; Jaff Ransomware is thwarted...

AI score 6.8
Exploits: 0

Xen Project
Added 2017/06/20 12:00 p.m. | 70 views

blkif responses leak backend stack data

ISSUE DESCRIPTION: The block interface response structure has some discontiguous fields. Certain backends populate the structure fields of an otherwise uninitialized instance of this structure on their stacks, leaking data through the internal or trailing padding field. IMPACT: A malicious...

CVSS 6.5 | AI score 1.4 | EPSS 0.00445
Exploits: 0

OpenVAS
Added 2017/06/08 12:00 a.m. | 23 views

Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability (cisco-sa-20170607-nxos)

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads.

CVSS 6.5 | AI score 6.4 | EPSS 0.00683
Exploits: 0 | References: 1

RedHat Linux
Added 2017/06/07 5:54 p.m. | 3 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.49024
Exploits: 4 | References: 6

RedHat Linux
Added 2017/06/07 5:54 p.m. | 3 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.49024
Exploits: 4 | References: 6

RedHat Linux
Added 2017/06/07 5:43 p.m. | 4 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.49024
Exploits: 4 | References: 6

OSV
Added 2017/05/30 2:29 p.m. | 1 views

CVE-2017-2304

Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from...

CVSS 7.5 | AI score 5.8 | EPSS 0.01803
Exploits: 0 | References: 3

Prion
Added 2017/05/16 2:29 p.m. | 14 views

Design/Logic Flaw

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding...

CVSS 9.3 | AI score 7 | EPSS 0.00369
Exploits: 0 | References: 3

NVD
Added 2017/05/16 2:29 p.m. | 26 views

CVE-2014-9934

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding...

CVSS 9.3 | AI score 7.2 | EPSS 0.00369
Exploits: 0 | References: 3

Cvelist
Added 2017/05/16 2:00 p.m. | 25 views

CVE-2014-9934

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding...

AI score 7.4 | EPSS 0.00369
Exploits: 0 | References: 3

Tenable Nessus
Added 2017/05/16 12:00 a.m. | 81 views

F5 Networks BIG-IP : OpenSSL vulnerability (K23196136) (DROWN)

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by...

CVSS 5.9 | AI score 8.1 | EPSS 0.82112
Exploits: 2 | References: 2

OpenVAS
Added 2017/05/10 12:00 a.m. | 74 views

Ubuntu: Security Advisory (USN-3279-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.5 | EPSS 0.49024
Exploits: 4 | References: 2

OSV
Added 2017/05/09 2:16 p.m. | 4 views

USN-3279-1 apache2 vulnerabilities

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736) Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly...

CVSS 7.5 | AI score 6.7 | EPSS 0.49024
Exploits: 4 | References: 4

Tenable Nessus
Added 2017/05/03 12:00 a.m. | 63 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

CVSS 7.5 | AI score 6.6 | EPSS 0.49024
Exploits: 4 | References: 4

Tenable Nessus
Added 2017/05/01 12:00 a.m. | 51 views

EulerOS 2.0 SP1 : openssl098e (EulerOS-SA-2017-1040)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote...

CVSS 9.8 | AI score 7.6 | EPSS 0.82112
Exploits: 3 | References: 5

Veracode
Added 2017/04/27 8:29 a.m. | 9 views

Timing Attack

crypto/elliptic in github.com/golang/go is vulnerable to timing attacks. The TLS protocol implemented does not check MAC addresses in constant time when processing a malformed CBC padding. This is also known as the "Lucky Thirteen" attack...

AI score 6.6
Exploits: 0

RedHat Linux
Added 2017/04/26 10:19 a.m. | 4 views

httpd: Padding Oracle in Apache mod_session_crypto

It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.49024
Exploits: 4 | References: 6

OSV
Added 2017/04/21 8:59 p.m. | 1 views

CVE-2016-3702

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1

Prion
Added 2017/04/21 8:59 p.m. | 13 views

Information disclosure

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information...

CVSS 5 | AI score 6.9 | EPSS 0.01237
Exploits: 0 | References: 1 | Affected Software: 1

NVD
Added 2017/04/21 8:59 p.m. | 17 views

CVE-2016-3702

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information...

CVSS 5.3 | AI score 5.2 | EPSS 0.01237
Exploits: 0 | References: 1