SSD Advisory – LibreOffice Impress Remote Control Use-after-Free Vulnerability

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
LibreOffice is a powerful office suite; Its clean interface and its powerful tools let you unleash your creativity and grow your productivity. LibreOffice embeds several applications that make it the most powerful Free & Open Source Office suite on the market

Vulnerability Details
A vulnerability in LibreOffice’s Impress Remote Protocol, allows a remote attacker to cause the product to crash, potentially executing arbitrary code by sending the TCP port 1599 (used by the protocol) a malformed request.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Advisory – Adobe Reader Combobox Code Execution

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
More powerful than other PDF software, Adobe Acrobat Reader DC is the free, trusted standard for viewing, printing, and annotating PDFs. And now, it’s connected to Adobe Document Cloud — so it’s easier than ever to work with PDFs on computers and mobile devices.

Vulnerability Details
A vulnerability in the way Adobe Reader handles comboxes allows a malicious user to send a specially crafted PDF file that once opened, and its presented combobox is accessed a code execution vulnerability can be triggered.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Advisory – Symantec Critical System Protection Remote Code Execution

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
Symantec Critical System Protection provides policy-based behavior control and detection for server and desktop computers. Symantec Critical System Protection includes management console and server components, and agent components that enforce policies on computers.

Vulnerability Details
The agent control interface of the SCSP Server (sis-agent) is affected by a remote unauthenticated code execution vulnerability. This interface is used by the IDS/IPS agents to communicate with the SCSP server: register themselves, fetch policy updates, report events, etc. Since all the protected hosts need to communicate with the SCSP Server we can expect that this interface will be exposed to wide network ranges.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Advisory – Multiple Evernote Vulnerabilities

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
Evernote lets you take notes, sync files across your devices, save webpages, capture inspiration, and share your ideas with friends and colleagues.

Vulnerability Details
Multiple vulnerabilities have been found in Evernote for Windows, these vulnerabilities can lead to remote code execution.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

OpenSSL ACCF Vulnerability (CVE-2015-1793)

A new vulnerability has been recently patched in OpenSSL:

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate.

This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

OpenSSL 1.0.2b/1.0.2c users should upgrade to 1.0.2d
OpenSSL 1.0.1n/1.0.1o users should upgrade to 1.0.1p

This issue was reported to OpenSSL on 24th June 2015 by Adam Langley/David Benjamin (Google/BoringSSL). The fix was developed by the BoringSSL project.

The vulnerability description and its lack of a cool name (Heartbleed, POODLE, etc) makes it feel like this vulnerability is not that critical as it was believed to be.

The circumstances that are required here and the outcome, are a bit weak at the moment – though as more details come to light, the severity could be better justified.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Advisory – AIX cmdlvm Vulnerability

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
AIX (Advanced Interactive eXecutive) is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms. Originally released for the IBM 6150 RISC workstation, AIX now supports or has supported a wide variety of hardware platforms, including the IBM RS/6000 series and later POWER and PowerPC-based systems, IBM System i, System/370 mainframes, PS/2 personal computers, and the Apple Network Server.

Vulnerability Details
The running of lquerylv command with variable DBGCMD_LQUERYLV set may allow a local user to gain root privileges.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Adivsory – Roundcube Password Plugin

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking.

Vulnerability Details
Roundcube 1.0.4 is shipped with the Password plugin version 3.4. It is, as any other plugin, disabled by default. Once enabled, it allows an authenticated user to change his current password in the web interface. For this purpose, the plugin offers several drivers that can be used to perform the actual password change in the back end. The DBMail driver suffers from a critical Remote Command Execution vulnerability that enables an attacker to execute arbitrary system commands with root privileges.

    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.

SSD Adivsory – eFront Multiple Vulnerabilities

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
eFront is a powerful learning management system that fits your brand preferences and delivers effective online & blended learning. eFront can help you improve employee performance, ensure compliance, engage your workforce and support organizational goals. Trusted by hundreds of companies and organizations around the world, eFront is committed to assist you train people. Better.

Vulnerability Details
eFront (version 3.6.15 and possibly earlier) has been found to contain multiple vulnerabilities:

 

  • module_chat chat.php getChatHistory() ‘chat_with’ Parameter SQL Injection
  • scripts.php ‘load’ Parameter File Inclusion Code Execution
  • module_flashcards module_flashcards.class.php ‘view_deck’ Parameter SQL Injection
  • module_journal module_journal.class.php ‘edit_entry’ Parameter SQL Injection
  • module_crossword module_crossword_class.php getNavigationLinks() ‘view_list’ Parameter SQL Injection
  • module_bbb module_bbb_class.php ‘edit_BBB’ Parameter Blind SQL Injection
  • forum.class.php create() forum_id Parameter SQL Injection
    SecuriTeam Secure Disclosure

    SecuriTeam Secure Disclosure (SSD) helps researchers turn their vulnerability discovery skills into a highly paid career. Contact SSD to get the most for your hard work.