[oss-security] CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

Good morning, http://seclists.org/fulldisclosure/2014/Jun/21 reports two temporary file issues. The first is in PHP's configure script: char filename = "/tmp/phpglibccheck"; Red Hat bug: https://bugzilla.redhat.com/showbug.cgi?id=1104978 The second issue is Lynis writing a predictable file to...

openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)

gnash used predictable and world readable temporary file names to store HTTP cookies %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-164. The text description of this plugin is C...

openSUSE Security Update : ecryptfs-utils (openSUSE-SU-2011:0902-1)

This update of ecryptfs-utils fixes several security problems : - CVE-2011-1831 - Race condition when checking mountpoint during mount. - CVE-2011-1832 - Race condition when checking mountpoint during unmount. - CVE-2011-1833 - Race condition when checking source during mount. - CVE-2011-1834 -...

CVE-2009-5023

The 1 dshield.conf, 2 mail-buffered.conf, 3 mynetwatchman.conf, and 4 mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt...

OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...

Design/Logic Flaw

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...

CVE-2013-2758

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform formerly Citrix CloudStack 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack...

UBUNTU-CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...

CVE-2014-1849

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam...

CVE-2014-1849

Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifying arbitrary camera records in the Foscam...

JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

Microsoft Office ASLR Remote Security Bypass Weakness

Description Microsoft Office is prone to a remote security-bypass weakness that may cause a library to use a predictable base address. This weakness may allow attackers to predict the base address of a library in certain circumstances and in turn bypass the Address Space Layout Randomization ASLR...

[oss-security] CVE Request - Predictable temporary filenames in GNU Emacs

I reported these bugs on the Debian tracker on Monday: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100 In brief some of the bundled Emacs Lisp uses predictable /tmpfile names insecurely: lisp/gnus/gnus-fun.el: In the function gnus-grab-cam-face the file "/tmp/gnus.face.ppm" is used,...

Foscam IP Camera - Predictable Credentials Security Bypass

Foscam IP Camera - Predictable Credentials Security Bypass // source: https://www.securityfocus.com/bid/67510/info Foscam IP Camera is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to sensitive information and perform certain unauthorized actions; thi...

Foscam IP Camera - Predictable Credentials Security Bypass

// source: https://www.securityfocus.com/bid/67510/info Foscam IP Camera is prone to a security-bypass vulnerability. An attacker can exploit this issue to gain access to sensitive information and perform certain unauthorized actions; this may lead to further attacks. Foscam IP Camera 11.37.2.49...

Sitecom routers predictable WAP key

Default WAP key can be computed from device MAC address...

Weak firmware encryption and predictable WPA key on Sitecom routers

ADVISORY INFORMATION Title: Weak firmware encryption and predictable WPA key on Sitecom routers Discovery date: 17/02/2014 Release date: 24/04/2014 Credits: Roberto Paleari @rpaleari Alessandro Di Pinto @adipinto Advisory URL: http://blog.emaze.net/2014/04/sitecom-firmware-and-wifi.html AFFECTED...

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x., CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...

CVE-2013-1807

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/dbbackups/...