Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806aThomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.
4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41Ubuntu Security Notice 3919-1 - Two security issues were discovered in the JavaScript engine in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could exploit this by causing a denial of service, or executing arbitrary code.
ecb14fcd081b173399f246fce8890179bcb0a41de018aa2cecf0b53f8006c215Ubuntu Security Notice 3918-2 - USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick the user with confusing permission request prompts, obtain sensitive information, conduct social engineering attacks, or execute arbitrary code. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. If a user were tricked in to opening a specially crafted website with Spectre mitigations disabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Upgrade-Insecure-Requests was incorrectly enforced for same-origin navigation. An attacker could potentially exploit this to conduct man-in-the-middle attacks. Various other issues were also addressed.
baa25a5f9ae8648296e1f99c1966e7547781f61b5bdbdab8d20e439a175726f1The VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user which results in the elevated process sharing resources such as COM registrations with the normal user who can modify the registry to force an arbitrary DLL to be loaded into the VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.
032bc0791aa032c4cf3fd94b8d7db2846f5bc0d3465f7a023e94a81286eb18ffThe VMX process (vmware-vmx.exe) process configures and hosts an instance of VM. As is common with desktop virtualization platforms the VM host usually has privileged access into the OS such as mapping physical memory which represents a security risk. To mitigate this the VMX process is created with an elevated integrity level by the authentication daemon (vmware-authd.exe) which runs at SYSTEM. This prevents a non-administrator user opening the process and abusing its elevated access. Unfortunately the process is created as the desktop user and follows the common pattern of impersonating the user while calling CreateProcessAsUser. This is an issue as the user has the ability to replace any drive letter for themselves, which allows a non-admin user to hijack the path to the VMX executable, allowing the user to get arbitrary code running as a trusted VMX process. Affects VMware Workstation Windows version 14.1.5 (on Windows 10). Also tested on VMware Player version 15.0.2.
770beade272f39c1d6868fdb30316cb00f9c1a560eb4acdbffe3b9df7efe3b3bThomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50014, FUB50015) is cryptographically weak.
92648a845f9e728c6b9724e16f7b0148e4f4b7d7c8d97744a46937db2cabc861Atlassian Confluence versions 6.6.0 up to 6.6.12, 6.12.0 up to 6.12.3, 6.13.0 up to 6.13.3, and 6.14.0 up to 6.14.2 suffer from a server-side request forgery vulnerability via WebDAV and a remote code execution vulnerability via the Widget Connector macro.
6815f5ede86e6165662c3fa9e98b1bc174808159c2c011d507237ad6bf678d74Debian Linux Security Advisory 4416-1 - It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
4923164315ffe830992b78c8a35bfbda2fe22b2efad866ef9a249b31f9b8e128Debian Linux Security Advisory 4417-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
5e827118d4314ce38b8836b0d62ca89321473ccc11177fb9d6e74b7283c8566aDebian Linux Security Advisory 4415-1 - An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed through passenger-status.
9f057adda00e1dddddac99f3a6b2a364e00a4afe17f66947a1eafacbfce8d8c0Debian Linux Security Advisory 4414-1 - Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication.
52726faf9972bdc40520b09e2dba843e9c6c6e50405257ad5e1b837a3c5deaa6Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
66af6d11ff1524600d3da7dd5b27b137b12a933dc70ed079ecfcc9f2d8333f71Jettweb PHP Hazir Haber Sitesi Scripti version 3 suffers from multiple remote SQL injection vulnerabilities.
1dfdeff119f98894c17accc58259ed5c0d8c02c12603a27539fe482966363424Jettweb PHP Hazir Haber Sitesi Scripti version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d4ae00cf975e0bb60af51931f734a9a39e31fd1da9db18fefe3d40526da060daFive WordPress plugins suffer from open redirection vulnerabilities. Affected includes The-CL-Amazon-Thingy plugin version 1.0, Google Document Embedder version 2.5.8, VJ-Slider version 1.0, WPUSW plugin version 1.0, and Angsumans Translator Gold version 2.3.
36f1dd7eb09f0f5c42db2cb00886c36e29532e70f4ddb3ea55f9160ea164bca4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed