------------------------------------------------------------------------Arbitrary file read in Kaseya VSA------------------------------------------------------------------------Kin Hung Cheng, Robert Hartshorn, May 2017------------------------------------------------------------------------Abstract------------------------------------------------------------------------A security vulnerability was found in Kaseya VSA file download filefunctionality. Using this vulnerability an authenticated user in aKaseya VSA environment is able to download arbitrary files from theserver (including source code of Kaseya, the database backups,configuration files, and even windows files).------------------------------------------------------------------------Tested versions------------------------------------------------------------------------This issue was successfully tested on version R9.2------------------------------------------------------------------------Fix------------------------------------------------------------------------Patch to the latest version of VSA.------------------------------------------------------------------------Details------------------------------------------------------------------------https://www.securify.nl/advisory/SFY20170502/arbitrary-file-read-in-kaseya-vsa.html
------------------------------------------------------------------------Multiple vulnerabilities in VTech DigiGo allow browser overlay attack------------------------------------------------------------------------Sipke Mellema, September 2017------------------------------------------------------------------------Abstract------------------------------------------------------------------------VTech's DigiGo is a hand held smart device for children. The devicecontains a browser that allows children to connect to websites on awhitelist. Attackers can remotely add an entry to the whitelist toperform a persistent overlay attack on the browser app.------------------------------------------------------------------------Tested versions------------------------------------------------------------------------This issue was tested on a VTech DigiGo running firmware version83.60630. It is likely that other versions are also affected.------------------------------------------------------------------------Fix------------------------------------------------------------------------VTech pushed a firmware update to address this issue on 6 November,2017. The firmware version still displays as 83.60630.------------------------------------------------------------------------Details------------------------------------------------------------------------https://sumofpwn.nl/advisory/2017/multiple-vulnerabilities-in-vtech-digigo-allow-browser-overlay-attack.html
------------------------------------------------------------------------Broken TLS certificate validation in VTech DigiGo browser------------------------------------------------------------------------Sipke Mellema, September 2017------------------------------------------------------------------------Abstract------------------------------------------------------------------------VTech's DigiGo is a hand held smart device for children. The web browserincluded in the DigiGo does not validate TLS certificates when creatingsecure connections, allowing man in the middle attacks on web traffic.------------------------------------------------------------------------Tested versions------------------------------------------------------------------------This issue was tested on a VTech DigiGo running firmware version83.60630. It is likely that other versions are also affected.------------------------------------------------------------------------Fix------------------------------------------------------------------------VTech pushed a firmware update to address this issue on 30 November,2017. The firmware version still displays as 83.60630.------------------------------------------------------------------------Details------------------------------------------------------------------------https://sumofpwn.nl/advisory/2017/broken-tls-certificate-validation-in-vtech-digigo-browser.html
[slackware-security] irssi (SSA:2018-008-01)New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -currentto fix security issues.Here are the details from the Slackware 14.2 ChangeLog:+--------------------------+patches/packages/irssi-1.0.6-i586-1_slack14.2.txz: Upgraded. This update fixes multiple security vulnerabilities. For more information, see: https://irssi.org/security/irssi_sa_2018_01.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208 (* Security fix *)+--------------------------+Where to find the new packages:+-----------------------------+Thanks to the friendly folks at the OSU Open Source Lab(http://osuosl.org) for donating FTP and rsync hostingto the Slackware project! :-)Also see the "Get Slack" section on http://slackware.com foradditional mirror sites near you.Updated package for Slackware 14.0:ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/irssi-1.0.6-i486-1_slack14.0.txzUpdated package for Slackware x86_64 14.0:ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/irssi-1.0.6-x86_64-1_slack14.0.txzUpdated package for Slackware 14.1:ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/irssi-1.0.6-i486-1_slack14.1.txzUpdated package for Slackware x86_64 14.1:ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/irssi-1.0.6-x86_64-1_slack14.1.txzUpdated package for Slackware 14.2:ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/irssi-1.0.6-i586-1_slack14.2.txzUpdated package for Slackware x86_64 14.2:ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/irssi-1.0.6-x86_64-1_slack14.2.txzUpdated package for Slackware -current:ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/irssi-1.0.6-i586-1.txzUpdated package for Slackware x86_64 -current:ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/irssi-1.0.6-x86_64-1.txzMD5 signatures:+-------------+Slackware 14.0 package:f8ed890e54c7464618616b2ae95724af irssi-1.0.6-i486-1_slack14.0.txzSlackware x86_64 14.0 package:10a12607dfac6b996442f7463f4e7342 irssi-1.0.6-x86_64-1_slack14.0.txzSlackware 14.1 package:51e380c175ec41a6cb947a2c0b3e7d7a irssi-1.0.6-i486-1_slack14.1.txzSlackware x86_64 14.1 package:271e3af4c64640b778f94e2612bfb477 irssi-1.0.6-x86_64-1_slack14.1.txzSlackware 14.2 package:5692a612b1c90f7c9724296adc04404f irssi-1.0.6-i586-1_slack14.2.txzSlackware x86_64 14.2 package:2433d5d8ac7570e95b3804a99e6cf06b irssi-1.0.6-x86_64-1_slack14.2.txzSlackware -current package:cf4e27ad7ba625ee4bf230712e371070 n/irssi-1.0.6-i586-1.txzSlackware x86_64 -current package:d7adea982f907b4e5ec83f52b4b73d7d n/irssi-1.0.6-x86_64-1.txzInstallation instructions:+------------------------+Upgrade the package as root:# upgradepkg irssi-1.0.6-i586-1_slack14.2.txz+-----+Slackware Linux Security Teamhttp://slackware.com/gpg-keysecurity@slackware.com
Note: the current version of the following document is available here:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usSUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: hpesbhf03805en_usVersion: 4HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel,AMD, and ARM, with Speculative Execution, Elevation of Privilege andInformation Disclosure.NOTICE: The information in this Security Bulletin should be acted upon assoon as possible.Release Date: 2018-01-10Last Updated: 2018-01-09Potential Security Impact: Local: Disclosure of Information, Elevation ofPrivilegeSource: Hewlett Packard Enterprise, Product Security Response TeamVULNERABILITY SUMMARYOn January 3 2018, side-channel security vulnerabilities involvingspeculative execution were publicly disclosed. These vulnerabilities mayimpact the listed HPE products, potentially leading to information disclosureand elevation of privilege. Mitigation and resolution of thesevulnerabilities may call for both an operating system update, provided by theOS vendor, and a system ROM update from HPE.**Note:** * This issue takes advantage of techniques commonly used in many modernprocessor architectures. * For further information, microprocessor vendors have provided securityadvisories: - Intel:<https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu
geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update>References: - PSRT110634 - PSRT110633 - PSRT110632 - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory accesspermission check performed after kernel memory readSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server prior to v1.28 - HPE ProLiant DL180 Gen10 Server prior to v1.28 - HPE ProLiant DL160 Gen10 Server prior to v1.28 - HPE ProLiant DL360 Gen10 Server prior to v1.28 - HPE ProLiant ML110 Gen10 Server prior to v1.28 - HPE ProLiant DL580 Gen10 Server prior to v1.28 - HPE ProLiant DL560 Gen10 Server prior to v1.28 - HPE ProLiant DL120 Gen10 Server prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL450 Gen10 Server prior to v1.28 - HPE ProLiant XL170r Gen10 Server prior to v1.28 - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28 - HPE ProLiant XL230a Gen9 Server prior to v2.54 - HPE ProLiant XL230k Gen10 Server prior to v1.28 - HPE ProLiant XL730f Gen9 Server prior to v2.54 - HPE ProLiant XL740f Gen9 Server prior to v2.54 - HPE ProLiant XL750f Gen9 Server prior to v2.54 - HPE ProLiant XL170r Gen9 Server prior to v2.54 - HP ProLiant DL60 Gen9 Server prior to v2.54 - HPE ProLiant XL450 Gen9 Server prior to v2.54 - HP ProLiant DL160 Gen9 Server prior to v2.54 - HPE Apollo 4200 Gen9 Server prior to v2.54 - HP ProLiant BL460c Gen9 Server Blade prior to v2.54 - HP ProLiant ML110 Gen9 Server prior to v2.54 - HP ProLiant ML150 Gen9 Server prior to v2.54 - HPE ProLiant ML350 Gen9 Server prior to v2.54 - HP ProLiant DL380 Gen9 Server prior to v2.54 - HP ProLiant DL120 Gen9 Server prior to v2.54 - HPE ProLiant DL560 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Special Server prior to v2.54 - HP ProLiant BL660c Gen9 Server prior to v2.54 - HPE ProLiant m710x Server Cartridge prior to v1.60 - HPE ProLiant DL20 Gen9 Server prior to v2.52 - HPE ProLiant DL385 Gen10 Server prior to v1.04 - HPE Synergy 660 Gen9 Compute Module prior to v2.54 - HPE Synergy 480 Gen10 Compute Module prior to v1.28 - HPE Synergy 480 Gen9 Compute Module prior to v2.54 - HPE ProLiant ML30 Gen9 Server prior to v2.52 - HPE ProLiant XL190r Gen10 Server prior to v1.28 - HPE ProLiant XL250a Gen9 Server prior to v2.54 - HPE ProLiant XL190r Gen9 Server prior to v2.54 - HP ProLiant DL80 Gen9 Server prior to v2.54 - HPE ProLiant DL180 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Serverprior to v2.54 - HPE ProLiant WS460c Gen9 Workstation prior to v2.54 - HPE ProLiant DL580 Gen9 Special Server prior to v2.54 - HPE Synergy 680 Gen9 Compute Modules prior to v2.54 - HPE ProLiant XL260a Gen9 Server prior to 1/22/2018 - HPE ProLiant m510 Server Cartridge prior to 1/22/2018 - HPE ProLiant m710p Server Cartridge prior to 12/12/2017 - HP ProLiant m350 Server Cartridge prior to 12/12/2017 - HP ProLiant m300 Server Cartridge prior to 12/12/2017 - HP ProLiant ML350e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML350e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant BL460c Gen8 Server prior to 12/12/2017 - HP ProLiant BL660c Gen8 Server prior to 12/12/2017 - HPE ProLiant SL4540 Gen8 1 Node Server prior to 12/12/2017 - HP ProLiant DL380e Gen8 Server prior to 12/12/2017 - HP ProLiant DL360e Gen8 Server prior to 12/12/2017 - HP ProLiant ML350p Gen8 Server prior to 12/12/2017 - HP ProLiant DL360p Gen8 Server prior to 12/12/2017 - HP ProLiant DL380p Gen8 Server prior to 12/12/2017 - HP ProLiant DL320e Gen8 Server prior to 12/12/2017 - HPE ProLiant DL320e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant ML310e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML310e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant DL160 Gen8 Server prior to 12/12/2017 - HP ProLiant SL270s Gen8 Server prior to 12/12/2017 - HP ProLiant SL250s Gen8 Server prior to 12/12/2017 - HP ProLiant SL230s Gen8 Server prior to 12/12/2017 - HP ProLiant DL560 Gen8 Server prior to 12/12/2017 - HPE ProLiant SL210t Gen8 Server prior to 12/12/2017 - HP ProLiant DL580 Gen8 Server prior to 12/12/2017 (v1.98) - HP ProLiant ML10 Server prior to 12/12/2017 - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60) - HPE Synergy Composer prior to 12/12/2017 - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6 - HPE Superdome Flex Server prior to 2.3.110 - HP ProLiant DL360 Gen9 Server prior to v2.54 - HPE Synergy 620 Gen9 Compute Module prior to v2.54 - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HP ProLiant BL420c Gen8 Server prior to 12/12/2017 - HPE ProLiant ML10 v2 Server prior to 12/12/2017 - HPE ProLiant MicroServer Gen8 prior to 12/12/2017 - HPE Synergy 660 Gen10 Compute Module prior to v1.28BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499RESOLUTIONHPE has made the following system ROM updates which include an updatedmicrocode to resolve the vulnerability: * HPE has provided a customer bulletin<https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us>with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 requires that the System ROM be updated and a vendorsupplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 require only updates of a vendorsupplied operating system. + HPE will continue to add additional products to the list. Not alllisted products have updated system ROMs yet. Impacted products awaitingsystem ROM updates are marked TBS (to be supplied).HISTORYVersion:1 (rev.1) - 4 January 2018 Initial releaseVersion:2 (rev.2) - 5 January 2018 Added additional impacted productsVersion:3 (rev.3) - 10 January 2018 Added more impacted productsVersion:4 (rev.4) - 9 January 2018 Fixed product IDThird Party Security Patches: Third party security patches that are to beinstalled on systems running Hewlett Packard Enterprise (HPE) softwareproducts should be applied in accordance with the customer's patch managementpolicy.Support: For issues about implementing the recommendations of this SecurityBulletin, contact normal HPE Services support channel. For other issues aboutthe content of this Security Bulletin, send e-mail to security-alert@hpe.com.Report: To report a potential security vulnerability for any HPE supportedproduct: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.comSubscribe: To initiate a subscription to receive future HPE Security Bulletinalerts via Email: http://www.hpe.com/support/Subscriber_ChoiceSecurity Bulletin Archive: A list of recently released Security Bulletins isavailable here: http://www.hpe.com/support/Security_Bulletin_ArchiveSoftware Product Category: The Software Product Category is represented inthe title by the two characters following HPSB.3C = 3COM3P = 3rd Party SoftwareGN = HPE General SoftwareHF = HPE Hardware and FirmwareMU = Multi-Platform SoftwareNS = NonStop ServersOV = OpenVMSPV = ProCurveST = Storage SoftwareUX = HP-UXCopyright 2016 Hewlett Packard EnterpriseHewlett Packard Enterprise shall not be liable for technical or editorialerrors or omissions contained herein. The information provided is provided"as is" without warranty of any kind. To the extent permitted by law, neitherHP or its affiliates, subcontractors or suppliers will be liable forincidental,special or consequential damages including downtime cost; lostprofits; damages relating to the procurement of substitute products orservices; or damages for loss of data, or software restoration. Theinformation in this document is subject to change without notice. HewlettPackard Enterprise and the names of Hewlett Packard Enterprise productsreferenced herein are trademarks of Hewlett Packard Enterprise in the UnitedStates and other countries. Other product and company names mentioned hereinmay be trademarks of their respective owners.