Wednesday, January 25, 2017

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-143
CVE Identifier: CVE-2016-8213
Severity Rating: CVSS v3 Base Score: 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) 

Affected products:
• EMC Documentum Webtop
  o Version 6.8, prior to P18
  o Version 6.8.1, prior to P06
• EMC Documentum TaskSpace version 6.7SP3, prior to P02
• EMC Documentum Capital Projects
  o Version 1.9, prior to P30
  o Version 1.10, prior to P17
• EMC Documentum Administrator
  o Version 7.0
  o Version 7.1
  o Version 7.2, prior to P18


Summary:  
EMC Documentum Webtop and its client products contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. 

Details:
EMC Documentum Webtop and its client products are affected by a Stored Cross-Site Scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected application.

Resolution:
The following EMC Documentum product releases contain the resolution to this vulnerability:
• EMC Documentum Webtop
  o Version 6.8, P18 and later
  o Version 6.8.1, P06 and later
• EMC Documentum TaskSpace version 6.7SP3, P03 and later
• EMC Documentum Capital Projects
  o Version 1.9, P30 and later
  o Version 1.10, P17 and later
• EMC Documentum Administrator version 7.2, P18 and later

EMC recommends all customers upgrade at the earliest opportunity. 


Link to remedies:
• EMC Documentum Webtop - https://support.emc.com/products/5075_Documentum-Webtop
• EMC Documentum TaskSpace - https://support.emc.com/downloads/4705_Documentum-TaskSpace 
• EMC Documentum Capital Projects - https://support.emc.com/downloads/33010_Documentum-Capital-Projects
• EMC Documentum Administrator - https://support.emc.com/downloads/2227_Documentum-Administrator 

Credit:
EMC would like to thank Imran Khan @Netizen01k for reporting this vulnerability.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

EMC Identifier: ESA-2016-161 

CVE Identifier:  CVE-2016-9870

Severity Rating: CVSS v3 Base Score: 6.0 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)

Affected products:  
• EMC Isilon OneFS 8.0.0.0
• EMC Isilon OneFS 7.2.1.0 - 7.2.1.2
• EMC Isilon OneFS 7.2.0.x
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.10
• EMC Isilon OneFS 7.1.0.x

Summary:  
EMC Isilon OneFS is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.

Details: 
A malicious high-privileged local user may leverage the LDAP injection vulnerability by injecting an asterisk into a username in LDAP searches, which may enable the attacker to impersonate other users on the system.

Resolution:  
The following versions of EMC Isilon OneFS remediate this vulnerability:   
• EMC Isilon OneFS 8.0.0.1 and later
• EMC Isilon OneFS 7.2.1.3 and later
• EMC Isilon OneFS 7.1.1.11 and later
EMC recommends that all customers upgrade to a version containing the resolution at the earliest opportunity. If you cannot upgrade at this time, you can perform the workaround below.
Workaround:
Do not allow asterisks in user names. 
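The asterisk-as-wildcard problem the advisory describes, the RFC 4515 escaping that removes it, and the workaround expressed as an input rule, as an added example in Go (not OneFS code; the (uid=...) filter shape, the entry list and all function names are assumptions):

```go
package main

import (
	"regexp"
	"strconv"
	"strings"
)

// escapeFilterValue escapes the RFC 4515 section 3 metacharacters as \XX, so an
// asterisk in a username is matched literally instead of acting as a wildcard.
var escapeFilterValue = strings.NewReplacer(
	`\`, `\5c`, "*", `\2a`, "(", `\28`, ")", `\29`, "\x00", `\00`).Replace

// uidFilterUnsafe is the pattern the advisory describes (illustrative, not OneFS
// source): the username lands in the filter verbatim. uidFilter is the hardened form.
func uidFilterUnsafe(u string) string { return "(uid=" + u + ")" }
func uidFilter(u string) string       { return "(uid=" + escapeFilterValue(u) + ")" }

// usernameAllowed is the advisory's workaround as an input rule: reject any user
// name containing an asterisk (here, any of the metacharacters above).
func usernameAllowed(name string) bool {
	return name != "" && !strings.ContainsAny(name, "*()\\\x00")
}

// searchUID models how a directory server evaluates a simple (uid=...) filter over
// a constructed entry list: "*" is a wildcard and "\XX" is one literal byte.
func searchUID(directory []string, filter string) []string {
	value := strings.TrimSuffix(strings.TrimPrefix(filter, "(uid="), ")")
	var re strings.Builder
	for i := 0; i < len(value); i++ {
		switch {
		case value[i] == '\\' && i+2 < len(value):
			n, _ := strconv.ParseUint(value[i+1:i+3], 16, 8)
			re.WriteString(regexp.QuoteMeta(string(rune(n))))
			i += 2
		case value[i] == '*':
			re.WriteString(".*")
		default:
			re.WriteString(regexp.QuoteMeta(string(value[i])))
		}
	}
	pat := regexp.MustCompile("^" + re.String() + "$")
	var out []string
	for _, uid := range directory {
		if pat.MatchString(uid) {
			out = append(out, uid)
		}
	}
	return out
}
```

With the entry list {alice, bob, admin}, the unescaped filter built from the name "*" matches every entry, while the escaped filter matches none; the allow-list rule rejects such a name before it ever reaches the search.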

Link to remedies:
Registered EMC Online Support customers can download OneFS installation files from the Downloads for Isilon OneFS page of the EMC Online Support site at https://support.emc.com/downloads/15209_Isilon-OneFS. 

If you have any questions, please contact EMC Support.



EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

RCE Security Advisory
https://www.rcesecurity.com


1. ADVISORY INFORMATION
=======================
Product:        Mattermost
Vendor URL:     www.mattermost.org
Type:           Cross-site Scripting [CWE-79]
Date found:     02/12/2016
Date published: 16/01/2017
CVSSv3 Score:   4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVE:            -


2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.


3. VERSIONS AFFECTED
====================
Mattermost v3.5.1
Mattermost v3.5.0
Older versions may be affected too.


4. INTRODUCTION
===============
Mattermost is an open source Slack-alternative built for enterprise.
Thousands of companies use Mattermost for workplace messaging across
web, PC and phones with archiving, search, corporate directory
integration and connectivity to over 700 third party applications.
Available under MIT license in 11 languages Mattermost offers
peace-of-mind, value, control, and freedom from lock-in for
organizations around the world.


5. VULNERABILITY DETAILS
========================
The Mattermost "/error" page is vulnerable to an unauthenticated
reflected Cross-Site Scripting vulnerability when user-supplied input to
the HTTP GET parameter "link" is processed by the web application. Since
the application does not properly validate and sanitize this parameter,
it is possible to set the return link, which is part of the error page,
to a base64-encoded data URI. This could be used to execute arbitrary
JavaScript code in the context of an authenticated as well as an
unauthenticated user.

There is one restriction which reduces the attack likelihood: due to
JavaScript validations it is not possible to execute the payload by a
simple click on the return link; instead it must be opened in a new
browser tab or window. However, since an attacker also has all
other text elements (HTTP GET parameters "title" and "linkmessage") of
the error page under control, it is possible to perform social
engineering attacks on the very same page.

The following Proof-of-Concept triggers this vulnerability by injecting
a base64-encoded data URI and a spoofed content text for the title and
link message:

https://localhost/error?title=Unknown%20Error&link=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=&linkmessage=http://mattermost.org&message=Something%20went%20wrong%20with%20the%20provided%20link,%20open%20it%20with%20a%20right%20click%20instead!

The payload is afterwards reflected within the response body:

<div class="error__container"><div class="error__icon"><i class="fa fa-exclamation-triangle"></i></div>
<h2>Unknown Error</h2>
<div><p>Something went wrong with the provided link, open it with a right click instead!</p></div>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">http://mattermost.org</a></div>
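A scheme allow-list for the "link" parameter plus context-aware templating of the other error-page fields, as an added example in Go (not Mattermost's code or its actual fix; the fallback link, the template and all function names are assumptions):

```go
package main

import (
	"bytes"
	"html/template"
	"net/url"
	"strings"
)

// defaultLink is a constructed fallback (an assumption, not Mattermost's real
// behaviour) used whenever the supplied return link is rejected.
const defaultLink = "/"

// safeReturnLink allow-lists the "link" parameter: only absolute http(s) URLs or
// site-relative paths (not the "//host" or "/\host" forms) pass; data:, javascript:
// and everything else fall back to defaultLink. The bool reports acceptance.
func safeReturnLink(raw string) (string, bool) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return defaultLink, false
	}
	switch strings.ToLower(u.Scheme) {
	case "http", "https":
		if u.Host != "" {
			return u.String(), true
		}
	case "":
		if u.Host == "" && strings.HasPrefix(u.Path, "/") && !strings.Contains(u.Path, `\`) {
			return u.String(), true
		}
	}
	return defaultLink, false
}

// errorPage mirrors the structure of the markup the advisory shows reflected;
// html/template escapes each field for its HTML-text or URL-attribute context.
var errorPage = template.Must(template.New("error").Parse(
	`<h2>{{.Title}}</h2><div><p>{{.Message}}</p></div><a href="{{.Link}}">{{.LinkMessage}}</a>`))

type errorPageData struct{ Title, Message, Link, LinkMessage string }

// renderErrorPage assembles the page from the four GET parameters the advisory
// names, validating the link before it reaches the template.
func renderErrorPage(title, message, link, linkMessage string) (string, error) {
	safe, _ := safeReturnLink(link)
	var buf bytes.Buffer
	err := errorPage.Execute(&buf, errorPageData{title, message, safe, linkMessage})
	return buf.String(), err
}
```

html/template on its own would already replace an href with an unsafe scheme by the inert "#ZgotmplZ" marker; validating the parameter up front additionally gives the user a working return link instead of a dead one.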


6. RISK
=======
To successfully exploit this vulnerability an authenticated or
unauthenticated user must be tricked into visiting a prepared link
provided by the attacker. Once on the "/error" page, the user must also
be tricked into opening the link in a new tab or window, which can be
accomplished by spoofing the other elements of the error page.

The vulnerability can be used to temporarily embed arbitrary script code
into the context of the Mattermost error page, which offers a wide range
of possible attacks such as redirecting the user to a malicious page or
attacking the browser and its plugins. Since session-relevant cookies
are protected with the HttpOnly flag, it is not possible to hijack sessions.


7. SOLUTION
===========
Update to Mattermost v3.6.0.


8. REPORT TIMELINE (DD/MM/YYYY)
===============================
02/12/2016: Discovery of the vulnerability
02/12/2016: Created support ticket #2231 with preset disclosure date
            set to 16/01/2017
12/12/2016: No response, sent out another notification
12/12/2016: Vendor confirms the vulnerability
03/01/2017: No further response, sent reminder about the disclosure date
16/01/2017: Vendor releases v3.6.0 which fixes this vulnerability
18/01/2017: Advisory released


9. REFERENCES
=============

Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day

(c) 2017 Advanced Information Security Corporation and Oracle Inc.

Author: Nicholas Lemonias
Date: 17/01/2017

MySQL Remote 0day / Remote Buffer Overflows in 'NDBAPI' Cluster

Full report with technical details can be obtained from:

https://www.docdroid.net/hwLnQVr/cve-2016-5541.pdf.html

