[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities
 
[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities
 
[SECURITY] [DSA 3678-1] python-django security update
 
[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)
 
LibTIFF CVE-2015-8668 Heap Buffer Overflow Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
libTIFF CVE-2016-5320 Remote Code Execution Vulnerability
 
LibTIFF 'tif_write.c' Denial of Service Vulnerability
 
'pam_userdb' Module CVE-2013-7041 Password Hashes Security Weakness
 

A social hangout website for teenage girls has sprung a leak that's exposing plaintext passwords protecting as many as 5.5 million user accounts. As this post went live, all attempts to get the leak plugged had failed.

Operators of i-Dressup didn't respond to messages sent by Ars informing them that a hacker has already downloaded more than 2.2 million of the improperly stored account credentials. The hacker said it took him about three weeks to obtain the cache and that there's nothing stopping him or others from downloading the entire database of slightly more than 5.5 million entries. The hacker said he acquired the e-mail addresses and passwords by using a SQL injection attack that exploited vulnerabilities in the i-Dressup website.

The hacker provided the 2.2 million account credentials both to Ars and breach notification service Have I Been Pwned?. By plugging randomly selected e-mail addresses into the forgotten password section of i-Dressup, both Ars and Have I Been Pwned? principal Troy Hunt found that they all were used to register accounts on the site. Ars then used the contact us page on i-Dressup to privately notify operators of the vulnerability, but more than five days later, no one has responded and the bug remains unfixed.


 
 
Google Nexus CVE-2016-3857 Privilege Escalation Vulnerability
 
[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
 
IBM WebSphere Application Server Liberty Profile CVE-2016-3042 Cross Site Scripting Vulnerability
 
IBM WebSphere Application Server CVE-2016-5986 Information Disclosure Vulnerability
 
Irssi 'buf.pl' Local Information Disclosure Vulnerability
 
libxml2 CVE-2016-1762 Multiple Memory Corruption Vulnerabilities
 
 

I want to draw your attention to some great work Dr. Bontchev did.

pcodedmp.py is a VBA P-code disassembler. Microsoft Office documents contain VBA macros in several forms. They contain the source code, but also compiled P-code. Dr. Bontchev created a proof-of-concept document that executes P-code and does not contain the corresponding source code. Here is the output from his pcodedmp.py tool for his PoC document:

python pcodedmp.py -d poc2b.doc
Processing file: poc2b.doc
===============================================================================
Module streams:
Macros/VBA/ThisDocument - 1949 bytes
Line #0:
        FuncDefn (Sub / Property Set) func_00000078
Line #1:
        LitStr 0x001D This could have been a virus!
        Ld vbInformation
        Ld vbOKOnly
        Add
        LitStr 0x0006 Virus!
        ArgsCall MsgBox 0x0003
Line #2:
        LitStr 0x0008 calc.exe
        Paren
        ArgsCall Shell 0x0001
Line #3:
        EndSub

Dr. Bontchev also coded a plugin for oledump.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
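Because a document like the PoC carries no VBA source, source-based macro scanners have nothing to look at, so triage has to work on the P-code disassembly itself. The following is an added example, not code from the diary, from pcodedmp.py or from oledump: a small Python script that parses pcodedmp-style output (the PoC disassembly above is embedded as the sample input), groups opcodes per VBA line and flags ArgsCall opcodes to a watch-list of procedures, keeping the string literals pushed on the same line as context. It also checks that each LitStr's declared length matches the literal that follows it, which catches truncated or mangled output. The watch-list, the regexes and the dataclass names are my assumptions about the output layout shown here, not part of the tool.

```python
import re
from dataclasses import dataclass

# Sample pcodedmp.py output, reproduced from the diary entry's PoC disassembly.
# Any other pcodedmp output works as long as it keeps the "<module> - N bytes",
# "Line #N:" and indented-opcode layout seen here.
SAMPLE_OUTPUT = """\
Processing file: poc2b.doc
===============================================================================
Module streams:
Macros/VBA/ThisDocument - 1949 bytes
Line #0:
        FuncDefn (Sub / Property Set) func_00000078
Line #1:
        LitStr 0x001D This could have been a virus!
        Ld vbInformation
        Ld vbOKOnly
        Add
        LitStr 0x0006 Virus!
        ArgsCall MsgBox 0x0003
Line #2:
        LitStr 0x0008 calc.exe
        Paren
        ArgsCall Shell 0x0001
Line #3:
        EndSub
"""

# Assumed watch-list for triage: VBA procedures whose presence in P-code alone
# (with no matching source) deserves a look. Shell is the one the PoC uses.
SUSPICIOUS_CALLS = {"Shell", "CreateObject", "GetObject"}

MODULE_RE = re.compile(r"^(\S+) - (\d+) bytes$")
LINE_RE = re.compile(r"^Line #(\d+):")
LITSTR_RE = re.compile(r"^LitStr 0x([0-9A-Fa-f]+) (.*)$")
CALL_RE = re.compile(r"^ArgsCall (\w+) 0x([0-9A-Fa-f]+)$")


@dataclass
class Module:
    name: str
    size: int
    lines: dict  # VBA line number -> list of opcode strings


@dataclass
class Finding:
    module: str
    line: int
    call: str
    argc: int
    string_args: list


def parse_pcodedmp(text):
    """Turn pcodedmp-style text into Module objects with per-line opcode lists."""
    modules, current, line_no = [], None, None
    for raw in text.splitlines():
        m = MODULE_RE.match(raw)
        if m:
            current = Module(m.group(1), int(m.group(2)), {})
            modules.append(current)
            line_no = None
            continue
        m = LINE_RE.match(raw)
        if m and current is not None:
            line_no = int(m.group(1))
            current.lines[line_no] = []
            continue
        # Opcodes are the indented lines under the current "Line #N:" header.
        if raw.startswith((" ", "\t")) and current is not None and line_no is not None:
            current.lines[line_no].append(raw.strip())
    return modules


def find_suspicious_calls(modules, watch=SUSPICIOUS_CALLS):
    """Report ArgsCall opcodes to watch-listed procedures, with the string
    literals pushed earlier on the same VBA line (their likely arguments)."""
    findings = []
    for mod in modules:
        for line_no, ops in mod.lines.items():
            strings = []
            for op in ops:
                m = LITSTR_RE.match(op)
                if m:
                    strings.append(m.group(2))
                    continue
                m = CALL_RE.match(op)
                if m and m.group(1) in watch:
                    findings.append(Finding(mod.name, line_no, m.group(1),
                                            int(m.group(2), 16), list(strings)))
                    strings = []
    return findings


def litstr_length_mismatches(modules):
    """Return (module, line, declared, actual) for LitStr opcodes whose declared
    length disagrees with the literal text; a sanity check on the dump."""
    bad = []
    for mod in modules:
        for line_no, ops in mod.lines.items():
            for op in ops:
                m = LITSTR_RE.match(op)
                if m and int(m.group(1), 16) != len(m.group(2)):
                    bad.append((mod.name, line_no, int(m.group(1), 16), len(m.group(2))))
    return bad


if __name__ == "__main__":
    mods = parse_pcodedmp(SAMPLE_OUTPUT)
    for f in find_suspicious_calls(mods):
        print(f"{f.module} line {f.line}: {f.call}({f.argc} args) strings={f.string_args}")
    print("LitStr length mismatches:", litstr_length_mismatches(mods))
```

On the PoC dump this reports the Shell call on line 2 with the string "calc.exe" as its only argument, and no length mismatches (0x1D is indeed 29 characters). Feeding real pcodedmp output through this is a cheap first pass; it does not replace reading the disassembly, since a call target can also be reached through a variable rather than an ArgsCall by name.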

 
[slackware-security] php (SSA:2016-267-01)
 
OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)
 