Hackin9

Posted by InfoSec News on Apr 28

http://www.nextgov.com/defense/2015/04/heres-how-you-hack-drone/111229/

By Aliya Sternstein
Nextgov.com
April 27, 2015

Research studies on drone vulnerabilities published in recent years
essentially provided hackers a how-to guide for hijacking unmanned
aircraft, an Israeli defense manufacturer said Monday.

A real-life downing of a CIA stealth drone by Iranians occurred a month
after one such paper was published, noted Esti Peshin, director...
 

Posted by InfoSec News on Apr 28

http://www.nytimes.com/2015/04/28/opinion/preparing-for-warfare-in-cyberspace.html

By THE EDITORIAL BOARD
The New York Times
APRIL 28, 2015

The Pentagon’s new 33-page cybersecurity strategy is an important
evolution in how America proposes to address a top national security
threat. It is intended to warn adversaries — especially China, Russia,
Iran and North Korea — that the United States is prepared to retaliate, if
necessary,...
 

Posted by InfoSec News on Apr 28

http://www.telegraph.co.uk/news/worldnews/europe/estonia/11564163/Estonia-recruits-volunteer-army-of-cyber-warriors.html

By David Blair
Tallinn
telegraph.co.uk
26 Apr 2015

Estonia has recruited a "ponytail army" of volunteer computer experts who
stand ready to defend the nation against cyber attack.

The country's reserve force, the Estonian Defence League, has a Cyber Unit
consisting of hundreds of civilian volunteers,...
 

Posted by InfoSec News on Apr 28

http://www.eweek.com/security/rsa-hammers-home-fact-that-hackers-are-winning.html

By Sean Michael Kerner
eWEEK.com
2015-04-27

There was a pall of darkness that hung over the RSA Conference that ran at
San Francisco's Moscone Center from April 20 to 24. Speaker after speaker,
session after session, vendor booth after vendor booth, there was one
overriding message that I heard time and again—the attackers are winning.

The most clichéd...
 

Posted by InfoSec News on Apr 28

http://motherboard.vice.com/read/the-operators

BY JOSEPH COX
Motherboard.vice.com
April 27, 2015

Richard* had a long drive ahead of him. About an hour earlier, at 5:30 AM,
his wife Lisa* had phoned.

“The house is filled up,” she said in a calm but audibly tense voice.
Richard, having just woken up and now trying to make sense of the call,
thought there must have been another water leak in the basement.

Instead, his wife told him, the...
 

CSO Australia: Infosec's human face

Program Chairman Hugh Thompson closed the RSA Conference with a focus on the human side of information security. It's easy, as information security professionals, to get caught up in a seemingly endless cycle of threats, critical flaws and technical ...

Related coverage:
  • A post-RSA Conference recap (CSO Online)
  • On healthcare data security, not all security pros see unique challenges (TechTarget)
  • Takeaways from RSA 2015: The stars of the show (Network World)
 

CSO Australia: Encryption and key management at heart of great infosec, says Thales

We spoke with Richard Moulds, the vice president of product strategy at Thales e-Security, at the recent RSA Conference held in San Francisco about the role of encryption in a number of different security issues. “Everyone thinks encryption is a single ...

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

An Enduring Adversary

This diary entry documents a criminal group using the Fiesta exploit kit (EK) to infect Windows computers. I previously wrote a guest diary about this group on 2014-12-26 [1] and provided some updated information on my personal blog [2]. I first noticed this group in 2013, and it has likely been active since well before then.

The group is currently using a gate that generates traffic from compromised websites to a Fiesta EK domain. I'm calling this group the BizCN gate actor because all its gate domains are registered through the Chinese registrar www.bizcn.com, and they all reside on a single IP address. The registrant data is privacy-protected through Wuxi Yilian LLC.

Earlier this month, the BizCN gate actor changed its gate IP to 136.243.227.9 [3]. We're currently seeing the gate lead to Fiesta EK on 205.234.186.114. Below is a flow chart for...

Traffic From an Infected Host

The following image shows traffic from 136.243.227.9 (the gate) that occurred on 2015-04-26.

Within the past week or so, Fiesta EK has modified its URL structure. Now you'll find dashes and underscores in the URLs (something that wasn't...

A pcap of this traffic is available at: http://www.malware-traffic-analysis.net/2015/04/26/2015-04-26-Fiesta-EK-traffic.pcap

The malware payload on the infected host copied itself to a directory under the user's AppData\Local folder. It also...

A copy of the malware payload is available at:...

Below is an image from Sguil on Security Onion showing the EmergingThreats and ETPRO Snort events caused by the infection.

Indicators of Compromise (IOCs)

Passive DNS on 136.243.227.9 shows at least 100 domains registered through www.bizcn.com hosted on this IP address. Each domain is paired with a compromised website. Below is a list of the gate domains and their associated compromised websites I've found so far this month:

(Read: gate on 136.243.227.9 - compromised website)

  • doralerd.org - undertone.com
  • einseeld.com - forum.freeadvice.com
  • fogelicy.org - forum.thegradcafe.com
  • furarryl.org - forum.ppcgeeks.com
  • holamecs.com - marksdailyapple.com
  • hrortict.com - gm-trucks.com
  • indusish.org - christianforms.com
  • jadilips.org - forums.pelicanparts.com
  • khundalt.org - scienceforums.net
  • kroentro.com - longrangehunting.com
  • molporic.com - quiltingboard.com
  • muskiert.org - hacknmod.com
  • naraiarm.org - visajourney.com
  • nealychy.com - iwsti.com
  • nonypeck.com - forms.pinstack.com
  • octaneft.com - droidrzr.com
  • omaidett.com - nano-reef.com
  • rotonexy.org - acne.org
  • sulecass.com - rugerforum.net
  • trobirks.com - gtrlife.com
  • unitturt.org - dbstalk.com

How can you determine if your clients saw traffic associated with this actor? Organizations with web proxy logs can search for 136.243.227.9 to see the HTTP requests. Those HTTP headers should include a Referer line with the compromised website. Many of these compromised websites use vBulletin.
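As an added example (not part of the original diary), here is the check described above written out in Python: it runs over proxy-log lines, flags requests that went to the gate IP (or to a known gate domain) and to the Fiesta EK IP, pulls the Referer host, and reports whether that Referer matches the compromised site paired with the gate domain in the IOC list or is a new pairing worth recording. The log layout, the sample lines, and every hostname not in the IOC list are constructed for the example; adapt LOG_RE to your proxy's format.

```python
import re
from urllib.parse import urlsplit

# Indicators from the diary: gate IP, Fiesta EK IP, and the
# gate-domain -> compromised-website pairs from the IOC list.
GATE_IP = "136.243.227.9"
FIESTA_EK_IP = "205.234.186.114"
GATE_PAIRS = {
    "doralerd.org": "undertone.com", "einseeld.com": "forum.freeadvice.com",
    "fogelicy.org": "forum.thegradcafe.com", "furarryl.org": "forum.ppcgeeks.com",
    "holamecs.com": "marksdailyapple.com", "hrortict.com": "gm-trucks.com",
    "indusish.org": "christianforms.com", "jadilips.org": "forums.pelicanparts.com",
    "khundalt.org": "scienceforums.net", "kroentro.com": "longrangehunting.com",
    "molporic.com": "quiltingboard.com", "muskiert.org": "hacknmod.com",
    "naraiarm.org": "visajourney.com", "nealychy.com": "iwsti.com",
    "nonypeck.com": "forms.pinstack.com", "octaneft.com": "droidrzr.com",
    "omaidett.com": "nano-reef.com", "rotonexy.org": "acne.org",
    "sulecass.com": "rugerforum.net", "trobirks.com": "gtrlife.com",
    "unitturt.org": "dbstalk.com",
}

# Assumed (constructed) proxy-log layout; change LOG_RE for your proxy:
#   <timestamp> <client_ip> <dest_ip> <method> <url> <status> "<referer>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<dest>\S+) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<referer>[^"]*)"$'
)

def host_of(url):
    """Lower-cased hostname of a URL without a leading 'www.' ('' if none)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(referer_host, site):
    """True when referer_host is the site itself or a subdomain of it."""
    return referer_host == site or referer_host.endswith("." + site)

def find_hits(lines):
    """One dict per request that touched the gate or the Fiesta EK host.

    A 404 from the gate is normal for this actor, so a 404 does not clear
    the client; the Referer names the compromised site that sent it there.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; count these separately in production
        gate_domain = host_of(m["url"])
        ref_host = "" if m["referer"] == "-" else host_of(m["referer"])
        if m["dest"] == FIESTA_EK_IP:
            stage, verdict = "ek", "reached Fiesta EK host"
        elif m["dest"] == GATE_IP or gate_domain in GATE_PAIRS:
            stage = "gate"
            expected = GATE_PAIRS.get(gate_domain)
            if expected and same_site(ref_host, expected):
                verdict = "known pairing"
            elif ref_host:
                verdict = "new referer, record it"  # actor rotates gate domains
            else:
                verdict = "no referer"
        else:
            continue
        hits.append({"client": m["client"], "stage": stage,
                     "gate_domain": gate_domain, "referer": ref_host,
                     "status": int(m["status"]), "verdict": verdict})
    return hits

def triage(hits):
    """Map each client to the furthest stage it reached ('ek' beats 'gate')."""
    out = {}
    for h in hits:
        if out.get(h["client"]) != "ek":
            out[h["client"]] = h["stage"]
    return out

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
2015-04-26T14:02:11Z 10.1.2.33 136.243.227.9 GET http://doralerd.org/ 404 "http://www.undertone.com/threads/12345/"
2015-04-26T14:02:15Z 10.1.2.33 205.234.186.114 GET http://example-ek-host.test/landing 200 "-"
2015-04-26T14:05:40Z 10.1.2.51 136.243.227.9 GET http://zzzz-example.org/ 200 "http://forum.example-unknown.net/showthread.php"
2015-04-26T14:07:02Z 10.1.2.77 93.184.216.34 GET http://www.iana.org/ 200 "-"
""".splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
    print(triage(SAMPLE_LOG and find_hits(SAMPLE_LOG)))
```

Searching on the destination IP rather than the gate domain is deliberate: the domains rotate, the IP has been stable for the month, and a hit on the IP with an unfamiliar gate domain or Referer is exactly the new indicator you want to capture before the actor moves again.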

Final Notes

Researchers may have a hard time generating infection traffic from compromised websites associated with this actor. Most often, HTTP GET requests to the gate domain return a 404 Not Found. In some cases, the gate domain might not appear in the traffic at all. Other times, the HTTP GET request for the Fiesta EK landing page doesn't return anything. It's tough to get a full infection chain when you're trying to do it on purpose.

The BizCN gate actor occasionally changes the IP address for these gate domains. Since this information is now public through this diary entry, the actor will likely change the gate's IP address and domains again.

Unless there's a drastic change in their pattern of operations, this BizCN gate actor will be found relatively soon after any upcoming changes.

---
Brad Duncan, Security Researcher at Rackspace
Blog: www.malware-traffic-analysis.net - Twitter: @malware_traffic

References:

[1] https://isc.sans.edu/diary/Gate+to+Fiesta+exploit+kit+on+9424221669/19117
[2] http://www.malware-traffic-analysis.net/2015/02/05/index.html
[3] http://urlquery.net/search.php?q=136.243.227.9
[4] https://www.virustotal.com/en/file/66c4d1b42081a33a14f601b72fe513d9baa8a8aec083103dc3dc139d257644a2/analysis/

 

More than seven months after being flagged as vulnerable, more than a dozen Android apps collectively downloaded at least 350 million times still contain fatal HTTPS flaws that cause them to leak passwords, phone numbers, and other highly sensitive user data, student researchers at City College of San Francisco found.

The vulnerable apps include OKCupid Dating, Dish Anywhere, ASTRO File Manager with Cloud, CityShop – for Craigslist, and PicsArt Photo Studio, which collectively have commanded from 170 million to 670 million downloads, according to official Google Play figures. Most of the titles have been updated regularly, but they continue to contain a game-over vulnerability that fails to detect fraudulent transport layer security (TLS) certificates, according to a blog post published Sunday by Sam Bowne, a security researcher who teaches a class on the ethical hacking of mobile devices at the City College of San Francisco. They likely are a tiny fraction of the Android apps that suffer the same flaw.

All 15 of the apps called out by Bowne's class were first flagged as unsafe in a September blog post from the CERT Division of the Software Engineering Institute. In the September post, researcher Will Dormann said CERT was contacting developers of all 23,668 apps found to be vulnerable. Bowne's class didn't have the resources to check all of the apps on the list, so it's likely many more also remain unfixed. Bowne assigned this class project after independently discovering that all text transmitted by Snap Secure could be decrypted by anyone presenting the app with a fraudulent TLS certificate.


 
(Image: A three-dimensional reconstruction of chip features from measurements using the NIST model-library method.)

As microchip feature dimensions approach atomic scale, it becomes formidably difficult to measure their size and shape. According ...
 
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities
 
[ MDVSA-2015:212 ] java-1.7.0-openjdk
 

Update: About two hours after this post went live, WordPress released a critical security update that fixes the 0day vulnerability described below.

The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet.

Both vulnerabilities are known as stored, or persistent, cross-site scripting (XSS) bugs. They allow an attacker to inject code into the HTML content received by administrators who maintain the website. Both attacks work by embedding malicious code into the comments section that appear by default at the bottom of a WordPress blog or article post. From there, attackers can change passwords, add new administrators, or take just about any other action legitimate admins can perform. The most serious of the two vulnerabilities is in WordPress version 4.2 because as of press time there is no patch.


 

I've been asked a few times this year ($dayjob) to discuss and review incident handling practices with some of our clients. This topic seems to have come to the surface again, and with some breaches getting mainstream coverage, it only makes sense. Taking a look at some of our past posts here on the ISC, I was pleasantly greeted with a long history on this topic (see list below).

Those who have not seen it yet should read the 2015 Verizon Data Breach Report (DBIR) [1]. A couple of notes on the DBIR (very brief, as it seems everyone is reviewing it [2]): we are getting better. The entry on page 5 that is called out stuck with me: "In 70% of the attacks where we know the motive for the attack, there's a secondary victim." [1] Some homework: go read page 5!

The second takeaway from the DBIR tells me that we can prevent quite a bit. Remember: where prevention stops, incident handling starts. If you jump to page 15, there is a big lesson that you'd THINK we had learned by now: PATCH. "99.9% of the exploited vulnerabilities had been compromised more than a year after the associated CVE was published." [1]

Some Observations

In my travels I have observed that more companies are starting to negotiate contracts with outside incident management firms proactively. This is a great sign. One area where I still note weakness is internal incident handling skills. We should still have some staff who at least understand the process (thinking evidence handling here). These staffers should act as liaison to contract staff and provide guidance to management.

Most, if not all, companies that I have visited have solid policies and standards in place, and a surprising number include marketing and public relations in them. It seems we are getting a little better here. Note: have a list of those who are cleared to speak to any media; your average journalist will eat an engineer alive. Know when to say "I cannot comment on that."

Parting references I use for incident management:

http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf

http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf

http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf

http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/26-CIP_CyberAssessmentGuide.pdf

http://www.ietf.org/rfc/rfc2350.txt

http://www.cert.org/csirts/resources.html

http://www.iso27001security.com/html/27035.html

http://www.itu.int/en/ITU-D/Cybersecurity/Documents/ALERT.pdf

http://www.itu.int/ITU-D/membership/portal/index.asp?Name=45047

http://www.itu.int/ITU-D/asp/CMS/Events/2011/CyberCrime/S6_Mohamad_Sazly_Musa.pdf

http://csrc.nist.gov/groups/SMA/fasp/documents/incident_response/CIRT-Desk-Reference.pdf

The Practice of Network Security Monitoring: Understanding Incident Detection and Response by Richard Bejtlich Link: http://amzn.com/1593275099

http://www.sans.org/reading-room/whitepapers/incident/incident-handling-process-small-medium-businesses-1791?show=incident-handling-process-small-medium-businesses-1791cat=incident

http://www.sans.org/reading-room/whitepapers/incident/computer-incident-response-team-641?show=computer-incident-response-team-641cat=incident

http://www.cert.org/csirts/csirt_faq.html

http://www.veriscommunity.net/doku.php

References

[1] http://www.verizonenterprise.com/DBIR/

[2] http://researchcenter.paloaltonetworks.com/2015/04/2015-verizon-data-breach-investigations-report-dbir-insights-from-unit-42/

 
Open-Xchange Security Advisory 2015-04-27
 
[ MDVSA-2015:211 ] glusterfs
 

Posted by InfoSec News on Apr 27

http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html

By MICHAEL S. SCHMIDT and DAVID E. SANGER
The New York Times
APRIL 25, 2015

WASHINGTON - Some of President Obama’s email correspondence was swept up
by Russian hackers last year in a breach of the White House’s unclassified
computer system that was far more intrusive and worrisome than has been
publicly acknowledged, according to...
 

Posted by InfoSec News on Apr 27

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/11563746/NSA-veteran-chief-fears-crippling-cyber-attack-on-Western-energy-infrastructure.html

By Ambrose Evans-Pritchard
Houston
Telegraph.co.uk
26 Apr 2015

The West is losing the worldwide fight against jihadist terrorism and
faces mounting risks of a systemic cyber-assault by extremely capable
enemies, the former chief of the National Security Agency has warned.

"The greatest...
 

Posted by InfoSec News on Apr 27

http://www.zdnet.com/article/bill-introduced-forcing-mandatory-disclosure-of-data-breaches-but-at-the-expense-of-hackers/

By Zack Whittaker
Zero Day
ZDNet News
April 25, 2015

Congress is at odds on new cybersecurity legislation, with the
introduction of two competing bills aimed at reforming computer misuse
laws.

On Tuesday, Sens. Mark Kirk (R-IL) and Kirsten Gillibrand (D-NY)
introduced two new bills -- one with the express aim at...
 

Posted by InfoSec News on Apr 27

http://www.technologyreview.com/view/537001/security-experts-hack-teleoperated-surgical-robot/

MIT Technology Review
Emerging Technology From the arXiv
April 24, 2015

A crucial bottleneck that prevents life-saving surgery being performed in
many parts of the world is the lack of trained surgeons. One way to get
around this is to make better use of the ones that are available.

Sending them over great distances to perform operations is clearly...
 

Posted by InfoSec News on Apr 27

http://www.tampabay.com/news/courts/criminal/stolen-centcom-computers-found-on-ebay/2226424

By Patty Ryan
Times Staff Writer
Tampa Bay Times April 21, 2015

TAMPA — The internal theft of five laptop computers from U.S. Central
Command at MacDill Air Force Base went undetected until a supplier noticed
four of them advertised on eBay, according to federal court records.

A CentCom official ordered an inventory, putting it in the hands of a...
 
[ MDVSA-2015:210 ] qemu
 
Elasticsearch vulnerability CVE-2015-3337
 
[ MDVSA-2015:209 ] php
 
[ MDVSA-2015:208 ] setup
 
[ MDVSA-2015:207 ] perl-Module-Signature
 
LinuxSecurity.com: Zarafa Collaboration Platform 7.1.12 final [48726]

* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing problems by using an unsupported browser, an easier area to locate the list of supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder attribute
* ZCP-11929: differences between "Managing tenant (company) spaces" and zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to Catalan
* ZCP-11949: Update documentation to stress that one server must have one database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active, even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for --remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to a active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encypted or signed email will change the receive date of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu 10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO for WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility component
* ZCP-13123: Simplification of installation targets of compat package for manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results in a message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an active user
* ZCP-7296: Extension on the administrator manual
 
LinuxSecurity.com: This update addresses a security vulnerability identified as CVE-2015-1863. More information on this vulnerability is provided by upstream at https://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt. An extract:

"Attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a suitably constructed management frame that triggers a P2P peer device information to be created or updated. The vulnerability is easiest to exploit while the device has started an active P2P operation (e.g., has ongoing P2P_FIND or P2P_LISTEN control interface command in progress). However, it may be possible, though significantly more difficult, to trigger this even without any active P2P operation in progress."
 
LinuxSecurity.com: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds
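The bug class named in that advisory is worth seeing in code. The following is an added example, not cherokee's code: a constructed stand-in for a directory server that permits unauthenticated binds (RFC 4513 section 5.1.2: a Bind with a non-empty name and an empty password succeeds and yields an anonymous session), beside an application login that treats any successful bind as proof of identity and the corrected version that refuses empty credentials before binding. The DIRECTORY contents, DN layout and user names are invented for the example.

```python
# Constructed in-memory "directory" standing in for an LDAP server.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": "correct horse battery staple",
}

def simple_bind(dn, password):
    """Emulates a server that allows unauthenticated binds.

    RFC 4513 s5.1.2: non-empty name plus empty password is an
    'unauthenticated' bind. A server configured to allow it answers
    success and treats the session as anonymous, so the bind result
    says nothing about whether the caller knows the password.
    """
    if password == "":
        return True            # anonymous session reported as success
    return DIRECTORY.get(dn) == password

def user_dn(username):
    # A real application must also escape username per RFC 4514.
    return "uid=%s,ou=people,dc=example,dc=com" % username

def login_vulnerable(username, password):
    """Any successful bind is taken as authentication (the bypass)."""
    return simple_bind(user_dn(username), password)

def login_fixed(username, password):
    """Refuse empty credentials so an unauthenticated bind cannot occur."""
    if not username or not password:
        return False
    return simple_bind(user_dn(username), password)

if __name__ == "__main__":
    print("vulnerable, empty password:", login_vulnerable("alice", ""))
    print("fixed, empty password:     ", login_fixed("alice", ""))
    print("fixed, real password:      ", login_fixed("alice", "correct horse battery staple"))
```

The client-side check is the part an application owns; the server-side half is to confirm that your directory rejects unauthenticated binds, since an application that forgets the empty-password check is exposed on every server that permits them.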
 
LinuxSecurity.com: 16 Apr 2015, PHP 5.5.24

Apache2handler:
* Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)

Core:
* Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
* Fixed bug #67626 (User exceptions not properly handled in streams). (Julian)
* Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
* Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
* Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
* Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
* Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
* Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
* Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
* Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)

Curl:
* Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
* Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

Date:
* Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans)
* Fixed bug #69336 (Issues with "last day of "). (Derick Rethans)

Enchant:
* Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)

Fileinfo:
* Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)

Filter:
* Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
* Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)

Mbstring:
* Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya)

OPCache:
* Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
* Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)

OpenSSL:
* Fixed bug #67403 (Add signatureType to openssl_x509_parse).
* Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

Phar:
* Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
* Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
* Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
* Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
* Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
* Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)

Postgres:
* Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

SPL:
* Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

SOAP:
* Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence)

SQLITE:
* Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
* Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)
 
LinuxSecurity.com: Zarafa Collaboration Platform 7.1.12 final [48726]
==================================================
* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing problems by using an unsupported browser, an easier area to locate the list of supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder attribute
* ZCP-11929: differences between "Managing tenant (company) spaces" and zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to Catalan
* ZCP-11949: Update documentation to stress that one server must have one database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active, even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for --remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to an active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encrypted or signed email will change the receive date of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu 10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO for WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility component
* ZCP-13123: Simplification of installation targets of compat package for manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results in a message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an active user
* ZCP-7296: Extension on the administrator manual
 
LinuxSecurity.com: Updated setup package fixes security vulnerability: An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them [More...]
 
LinuxSecurity.com: Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty [More...]
 
LinuxSecurity.com: Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate [More...]
 
LinuxSecurity.com: Updated tor packages fix security vulnerabilities: disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible (CVE-2015-2928). [More...]
 
LinuxSecurity.com: Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use [More...]
 
LinuxSecurity.com: Updated php packages fix security vulnerabilities: Buffer Over-read in unserialize when parsing Phar (CVE-2015-2783). Buffer Overflow when parsing tar/zip/phar in phar_set_inode [More...]
 