VARIoT IoT vulnerabilities database
| VAR-201401-0265 | CVE-2013-6643 | Google Chrome of browser/ui/views/sync/one_click_signin_bubble_view.cc In any Google Vulnerability that triggers account synchronization |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. Google Chrome is prone to an unspecified security vulnerability.
The impact of this issue is currently unknown. We will update this BID when more information emerges.
Note: This issue was previously covered in BID 64805 (Google Chrome Prior to 32.0.1700.76 Multiple Security Vulnerabilities), but has been given its own record for better documentation. Google Chrome is a web browser developed by Google (Google). The ' A security vulnerability exists in OneClickSigninBubbleView::WindowClosing' function. The vulnerability stems from the program's incorrect handling of untrusted login confirmation boxes. An attacker could exploit this vulnerability to sync any Google account. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 33.0.1750.146 >= 33.0.1750.146
2 dev-lang/v8 < 3.20.17.13 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.1=
46"
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
References
==========
[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201403-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
February 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
CVE ID : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645
CVE-2013-6646 CVE-2013-6649 CVE-2013-6650
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6641
Atte Kettunen discovered a use-after-free issue in Blink/Webkit form
elements.
CVE-2013-6643
Joao Lucas Melo Brasio discovered a Google account information
disclosure issue related to the one-click sign-on feature.
CVE-2013-6644
The chrome development team discovered and fixed multiple issues with
potential security impact.
CVE-2013-6645
Khalil Zhani discovered a use-after-free issue related to speech input.
CVE-2013-6646
Colin Payne discovered a use-after-free issue in the web workers
implementation.
CVE-2013-6649
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
SVG implementation.
CVE-2013-6650
Christian Holler discovered a memory corruption in the v8 javascript
library.
For the stable distribution (wheezy), these problems have been fixed in
version 32.0.1700.123-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 32.0.1700.123-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTAPwuAAoJELjWss0C1vRzHu0f/i51htbha+JCafx87gIm1vU/
z2cLhHDzWEKk47Bhl8Y0BJzl5lMCwAxmBfKaHLLz2/UQvNY4Eva1Jsj0o297KX1z
qHl32L0yAblue5n+iWmccx9/vZ2d0Bj0/tYk8LGZ2W4IzzqhNbRsV2Grq14mA6N0
ne9EMmsJenir8tQBk1GD8yFA4QWStzIxGt0Mmvtt8EdE7Vwk6cBb5wProY9aFwCX
hsui4ysoZL6kZdmlN/hrrZmtA8j7Vnq8v/sgAKZgvXY/b0tBjWQOGyDdDBEECtk7
Y991Zg8IhQCBwt1euICFVKGkdAwq/6mlJAxKJEnzlvj9hw3TiWTFFSkk3fqQJkT1
T/aDoWrGUsPc0iDYo0GrFsJejLvD3jznQiWLU21b+j8GYS6gJoZJDbv8VCwoCHCn
rG+NiRoI9p1DwTWTOSs3h3ypp8On77CC0w3VsNErVv0+GMxQteo+2W85R2AxhdWH
B5RnDfxS/J6DG6dlkkjf3mkUxbT2VidT0TZMDFtqKwREiyEaXRMuUm9BmIIixO2W
nJybfpYJVKmlDsJjmMq6+1jUL1nXAm8AtbWEHS/yHapqlykOSjA2zt4UqOSaOVwz
x5ZiWB5aVf13atISUTJsv6tSZ3OnBjUzW0wHM4D+cw8DMjC9ruoqpoy3hsToCBvi
CesvjFirPNQnQQmltaNvek6lT9b1C8W5lm3IQhj9jiylAPF15Lenfk1YrxTMQ6cd
EI6mRCDCeF1gq1lRopVJkbY0AuHWRHHQpwgiyuAznY+E3iKSksAVVZVfcoO70jxY
q6Ht3lXT5g6tF5GbGE1gZAZn6rm5M3I8fRkBq/7hiKV77ex8g8EdtgvDzN0Jipea
VGL/yQo5/Bn2h+600tWurExSKNlbvUkoTL2/ORJDl79J3n6C8XSGG9I3IpAw/ncx
u26fOfxuQGw/y18QkCvW+J3s8i8v3sdn2NjDI/rS0djUGN4KTZRMFajvthYf1IJg
KhbO/d5D+iZGqNC+B5S8RnDj91xW/tL4KG3hcYlrfRH6o4F1BSeh7q/kQDpnZSNt
z6jXGl1bnPlACRDTDWSNTci2NnlVIj6qIB8V5Lf9BAEDHgQS/Gvv+hVwqJZqIiKC
gdpWEdhZEw4ExsFT8oOUqINbXIG68YujeUwC5gBXStA5YZbnJBMuVU05BOB/3Gsp
zX7W0IEUxaTrDmKqNLNilZ5soBl63Dei4hOOnsnVvBDfuO6HEJNd/kVzB5nV4yYZ
0tujnudHHdfHFVhonzrbUu75Ryk9Y36Md0+cp2n51na2BK2ljdOUUab5x3xbFTQo
PsuIbyJJIrRt+t0cu4S7X47ajZMH/cpQLJTZO0jCeWIOvlX00EyXXtDhLa+sPkA=
=yzUa
-----END PGP SIGNATURE-----
| VAR-201401-0263 | CVE-2013-6641 | Google Chrome Used in Blink of core/html/FormAssociatedElement.cpp Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser and gain unauthorized access, spoof the displayed URI in the address bar, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 32.0.1700.76 are vulnerable.
Note: The issue described by CVE-2013-6643 has been moved to BID 64981 (Google Chrome CVE-2013-6643 Unspecified Security Vulnerability) for better documentation. Google Chrome is a web browser developed by Google (Google). Blink is a browser typesetting engine (rendering engine) jointly developed by Google and Opera Software. A remote attacker could exploit this vulnerability to cause a denial of service or other effects. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium, V8: Multiple vulnerabilities
Date: March 05, 2014
Bugs: #486742, #488148, #491128, #491326, #493364, #498168,
#499502, #501948, #503372
ID: 201403-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium and V8, worst
of which may allow execution of arbitrary code.
Background
==========
Chromium is an open-source web browser project. V8 is Google's open
source JavaScript engine.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 33.0.1750.146 >= 33.0.1750.146
2 dev-lang/v8 < 3.20.17.13 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Chromium and V8.
Please review the CVE identifiers and release notes referenced below
for details.
Impact
======
A context-dependent attacker could entice a user to open a specially
crafted web site or JavaScript program using Chromium or V8, possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition. Furthermore, a remote
attacker may be able to bypass security restrictions or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-33.0.1750.1=
46"
Gentoo has discontinued support for separate V8 package. We recommend
that users unmerge V8:
# emerge --unmerge "dev-lang/v8"
References
==========
[ 1 ] CVE-2013-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2906
[ 2 ] CVE-2013-2907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2907
[ 3 ] CVE-2013-2908
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2908
[ 4 ] CVE-2013-2909
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2909
[ 5 ] CVE-2013-2910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2910
[ 6 ] CVE-2013-2911
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2911
[ 7 ] CVE-2013-2912
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2912
[ 8 ] CVE-2013-2913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2913
[ 9 ] CVE-2013-2915
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2915
[ 10 ] CVE-2013-2916
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2916
[ 11 ] CVE-2013-2917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2917
[ 12 ] CVE-2013-2918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2918
[ 13 ] CVE-2013-2919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2919
[ 14 ] CVE-2013-2920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2920
[ 15 ] CVE-2013-2921
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2921
[ 16 ] CVE-2013-2922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2922
[ 17 ] CVE-2013-2923
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2923
[ 18 ] CVE-2013-2925
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2925
[ 19 ] CVE-2013-2926
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2926
[ 20 ] CVE-2013-2927
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2927
[ 21 ] CVE-2013-2928
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2928
[ 22 ] CVE-2013-2931
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2931
[ 23 ] CVE-2013-6621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6621
[ 24 ] CVE-2013-6622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6622
[ 25 ] CVE-2013-6623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6623
[ 26 ] CVE-2013-6624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6624
[ 27 ] CVE-2013-6625
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6625
[ 28 ] CVE-2013-6626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6626
[ 29 ] CVE-2013-6627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6627
[ 30 ] CVE-2013-6628
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6628
[ 31 ] CVE-2013-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6632
[ 32 ] CVE-2013-6634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6634
[ 33 ] CVE-2013-6635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6635
[ 34 ] CVE-2013-6636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6636
[ 35 ] CVE-2013-6637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6637
[ 36 ] CVE-2013-6638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6638
[ 37 ] CVE-2013-6639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6639
[ 38 ] CVE-2013-6640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6640
[ 39 ] CVE-2013-6641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6641
[ 40 ] CVE-2013-6643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6643
[ 41 ] CVE-2013-6644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6644
[ 42 ] CVE-2013-6645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6645
[ 43 ] CVE-2013-6646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6646
[ 44 ] CVE-2013-6649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6649
[ 45 ] CVE-2013-6650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6650
[ 46 ] CVE-2013-6652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6652
[ 47 ] CVE-2013-6653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6653
[ 48 ] CVE-2013-6654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6654
[ 49 ] CVE-2013-6655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6655
[ 50 ] CVE-2013-6656
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6656
[ 51 ] CVE-2013-6657
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6657
[ 52 ] CVE-2013-6658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6658
[ 53 ] CVE-2013-6659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6659
[ 54 ] CVE-2013-6660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6660
[ 55 ] CVE-2013-6661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6661
[ 56 ] CVE-2013-6663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6663
[ 57 ] CVE-2013-6664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6664
[ 58 ] CVE-2013-6665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6665
[ 59 ] CVE-2013-6666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6666
[ 60 ] CVE-2013-6667
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6667
[ 61 ] CVE-2013-6668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6668
[ 62 ] CVE-2013-6802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6802
[ 63 ] CVE-2014-1681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1681
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201403-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2862-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
February 16, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
Vulnerability : several
CVE ID : CVE-2013-6641 CVE-2013-6643 CVE-2013-6644 CVE-2013-6645
CVE-2013-6646 CVE-2013-6649 CVE-2013-6650
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6641
Atte Kettunen discovered a use-after-free issue in Blink/Webkit form
elements.
CVE-2013-6643
Joao Lucas Melo Brasio discovered a Google account information
disclosure issue related to the one-click sign-on feature.
CVE-2013-6644
The chrome development team discovered and fixed multiple issues with
potential security impact.
CVE-2013-6645
Khalil Zhani discovered a use-after-free issue related to speech input.
CVE-2013-6646
Colin Payne discovered a use-after-free issue in the web workers
implementation.
CVE-2013-6649
Atte Kettunen discovered a use-after-free issue in the Blink/Webkit
SVG implementation.
CVE-2013-6650
Christian Holler discovered a memory corruption in the v8 javascript
library.
For the stable distribution (wheezy), these problems have been fixed in
version 32.0.1700.123-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 32.0.1700.123-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTAPwuAAoJELjWss0C1vRzHu0f/i51htbha+JCafx87gIm1vU/
z2cLhHDzWEKk47Bhl8Y0BJzl5lMCwAxmBfKaHLLz2/UQvNY4Eva1Jsj0o297KX1z
qHl32L0yAblue5n+iWmccx9/vZ2d0Bj0/tYk8LGZ2W4IzzqhNbRsV2Grq14mA6N0
ne9EMmsJenir8tQBk1GD8yFA4QWStzIxGt0Mmvtt8EdE7Vwk6cBb5wProY9aFwCX
hsui4ysoZL6kZdmlN/hrrZmtA8j7Vnq8v/sgAKZgvXY/b0tBjWQOGyDdDBEECtk7
Y991Zg8IhQCBwt1euICFVKGkdAwq/6mlJAxKJEnzlvj9hw3TiWTFFSkk3fqQJkT1
T/aDoWrGUsPc0iDYo0GrFsJejLvD3jznQiWLU21b+j8GYS6gJoZJDbv8VCwoCHCn
rG+NiRoI9p1DwTWTOSs3h3ypp8On77CC0w3VsNErVv0+GMxQteo+2W85R2AxhdWH
B5RnDfxS/J6DG6dlkkjf3mkUxbT2VidT0TZMDFtqKwREiyEaXRMuUm9BmIIixO2W
nJybfpYJVKmlDsJjmMq6+1jUL1nXAm8AtbWEHS/yHapqlykOSjA2zt4UqOSaOVwz
x5ZiWB5aVf13atISUTJsv6tSZ3OnBjUzW0wHM4D+cw8DMjC9ruoqpoy3hsToCBvi
CesvjFirPNQnQQmltaNvek6lT9b1C8W5lm3IQhj9jiylAPF15Lenfk1YrxTMQ6cd
EI6mRCDCeF1gq1lRopVJkbY0AuHWRHHQpwgiyuAznY+E3iKSksAVVZVfcoO70jxY
q6Ht3lXT5g6tF5GbGE1gZAZn6rm5M3I8fRkBq/7hiKV77ex8g8EdtgvDzN0Jipea
VGL/yQo5/Bn2h+600tWurExSKNlbvUkoTL2/ORJDl79J3n6C8XSGG9I3IpAw/ncx
u26fOfxuQGw/y18QkCvW+J3s8i8v3sdn2NjDI/rS0djUGN4KTZRMFajvthYf1IJg
KhbO/d5D+iZGqNC+B5S8RnDj91xW/tL4KG3hcYlrfRH6o4F1BSeh7q/kQDpnZSNt
z6jXGl1bnPlACRDTDWSNTci2NnlVIj6qIB8V5Lf9BAEDHgQS/Gvv+hVwqJZqIiKC
gdpWEdhZEw4ExsFT8oOUqINbXIG68YujeUwC5gBXStA5YZbnJBMuVU05BOB/3Gsp
zX7W0IEUxaTrDmKqNLNilZ5soBl63Dei4hOOnsnVvBDfuO6HEJNd/kVzB5nV4yYZ
0tujnudHHdfHFVhonzrbUu75Ryk9Y36Md0+cp2n51na2BK2ljdOUUab5x3xbFTQo
PsuIbyJJIrRt+t0cu4S7X47ajZMH/cpQLJTZO0jCeWIOvlX00EyXXtDhLa+sPkA=
=yzUa
-----END PGP SIGNATURE-----
| VAR-201401-0130 | CVE-2013-5667 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product. NAS Server N8800 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input.
Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands in context of the affected application
| VAR-201401-0131 | CVE-2013-5668 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product.
Successfully exploiting this issue may allow attackers to obtain sensitive information from the application, that may aid in further attacks
| VAR-201401-0132 | CVE-2013-5669 | Thecus NAS Server N8800 contains multiple vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product.
Attackers can exploit this issue to gain access to the application credentials by sniffing network traffic through a man-in-the-middle attack. Successful exploits will lead to other attacks
| VAR-201401-0429 | CVE-2014-1671 | Dell KACE K1000 In SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php. (1) service/kbot_service.php To getUploadPath request (2) service/kbot_service.php To getKBot SOAP request (3) userui/advisory_detail.php of ID Parameters (4) userui/ticket.php of ID Parameters (5) userui/ticket_list.php of ORDER[] Parameters. Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Dell Kace 1000 Systems Management Appliance 5.4.76847 is vulnerable; other versions may also be affected. Dell KACE K1000 is a set of IT equipment management solutions in the KACE system management series of Dell (Dell). This solution provides functions such as software distribution, configuration management, patch installation, and security vulnerability remediation. The vulnerability is caused by (1) the service/kbot_service.php script does not correctly filter the 'macAddres' element in the getUploadPath and getKBot SOAP requests; (2) userui/advisory_detail The .php and userui/ticket.php scripts did not filter the 'ID' parameter correctly; (3) the userui/ticket_list.php script did not filter the 'ORDER[]' parameter correctly
| VAR-201401-0352 | CVE-2014-0647 | iOS for Starbucks Vulnerability that information such as user name is acquired in the application |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog. Starbucks is prone to an information-disclosure vulnerability.
Successfully exploiting this issue may allow attackers to obtain sensitive information from the application, that may aid in further attacks.
Starbucks 2.6.1 is vulnerable; other versions may also be affected. Starbucks is a set of mobile applications for the IOS platform of Starbucks in the United States. The application supports GPS automatic positioning, querying product introductions, understanding event information, etc
| VAR-201401-0665 | No CVE | NetGear N150 WNR1000v3 Password Recovery Feature Information Disclosure Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Feixun FWR-604H diagnosis.asp script failed to properly filter the 'system_command' parameter data, allowing remote attackers to exploit the vulnerability to execute arbitrary commands. Feixun FWR-604H is a 150M enhanced wireless router product from China Feixun.
A remote code execution vulnerability exists in Feixun FWR-604H. An attacker could use this vulnerability to execute arbitrary code in the context of an affected device. There are vulnerabilities in Feixun FWR-604H version 1.0, other versions may also be affected.
An information disclosure vulnerability exists in the firmware NetGear N150 WNR1000v3 running 1.0.2.60_60.0.86, 1.0.2.54_60.0.82NA and 1.0.2.62_60.0.87 firmware. NetGear N150 WNR1000v3 is prone to an information-disclosure vulnerability
| VAR-201401-0322 | CVE-2014-0658 | Cisco 9900 Unified IP phones Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.
This issue is tracked by Cisco Bug ID CSCul24898. This product provides voice and video functions
| VAR-201401-0327 | CVE-2014-0663 | Cisco Secure Access Control System of Web Cross-site scripting vulnerability in the framework |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCum03625. The system can respectively control network access and network device access through RADIUS and TACACS protocols
| VAR-201401-0328 | CVE-2014-0664 | Cisco Unity Connection Service disruption in the server (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.
Successful exploiting this issue may allow an attacker to cause excessive CPU consumption, resulting in a denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCul49976. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free"
| VAR-201401-0323 | CVE-2014-0659 | plural Cisco Vulnerability to read credential and configuration data in product firmware |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685. The Cisco RVS4000/WRVS4400N/WAP4410N are wireless routers and wireless APs from Cisco. Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router and Cisco RVS4000 4-port Gigabit Security Router products have security vulnerabilities that allow unauthenticated remote attackers to gain root-level access to the device. The vulnerability is due to the fact that the affected device has an undocumented test interface on TCP port 32764. The attacker can access the device's LAN interface and execute arbitrary commands. Run the firmware version 2.0.3.2 and earlier versions of the Cisco RVS4000 4-port Gigabit Security Router, running firmware version 1.1.13 and earlier of the Cisco WRVS4400N Wireless-N Gigabit Security Router hardware versions 1.0 and 1.1, running firmware version 2.0.2.1 and earlier. Cisco RVS4000, WRVS4400N, and WAP4410N devices are prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain access to affected devices with root-level privileges.
This issue is tracked by Cisco Bug ID's CSCum37566, CSCum43693, CSCum43700 and CSCum43685. Cisco WAP4410N, WRVS4400N and RVS4000 are all products of Cisco (Cisco)
| VAR-201401-0286 | CVE-2013-7204 |
Conceptronic CIPCAMPTIWL Camera Cross-site request forgery vulnerability in some firmware
Related entries in the VARIoT exploits database: VAR-E-201401-0070 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. Conceptronic CIPCAMPTIWL is an IP camera device. Conceptronic CIPCAMPTIWL is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Conceptronic CIPCAMPTIWL Camera is a wireless network camera product of German Conceptronic Company
| VAR-201401-0349 | CVE-2014-0618 | Juniper Networks SRX Operates on the series service gateway Junos Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message. Juniper Junos is prone to a remote denial-of-service vulnerability.
Successful exploits may allow the attacker to cause denial-of-service conditions. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following releases are affected: Juniper Junos 10.4 prior to 10.4R16, 11.4 prior to 11.4R8, 12.1R prior to 12.1R7, 12.1X44 prior to 12.1X44-D20, 12.1X45 prior to 12.1X45-D10
| VAR-201401-0348 | CVE-2014-0617 | Juniper Networks SRX Operates on the series service gateway Juniper Junos Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. Juniper Junos is prone to a remote denial-of-service vulnerability.
Successful exploits may allow the attacker to cause denial-of-service conditions. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Junos on the SRX Series Services Gateway. The following releases are affected: Juniper Junos 10.4S prior to 10.4S15, 10.4R prior to 10.4R16, 11.4 prior to 11.4R9, 12.1R prior to 12.1R7
| VAR-201401-0347 | CVE-2014-0616 | Juniper Junos Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities. Juniper Junos is prone to a remote denial-of-service vulnerability.
Successful exploits will allow attackers to cause the routing daemon to crash, denying service to legitimate users. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 10.4 prior to 10.4R16, 11.4 prior to 11.4R10, 12.1R prior to 12.1R8-S2, 12.1X44 prior to 12.1X44-D30, 12.1X45 prior to 12.1X45-D20 , 12.1X46 version before 12.1X46-D10, 12.2 version before 12.2R7, 12.3 before 12.3R4-S2 version, 13.1 version before 13.1R3-S1, 13.2 version before 13.2R2, 13.3 version before 13.3R1
| VAR-201401-0346 | CVE-2014-0615 | Juniper Junos Vulnerability gained in |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments.". Juniper Junos is prone to multiple local privilege-escalation vulnerabilities.
Local attackers can exploit these issues to execute arbitrary commands with root privileges. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. An elevation of privilege vulnerability exists in Juniper Junos. The following versions are affected: Juniper Junos 10.4 prior to 10.4R16, 11.4 prior to 11.4R10, 12.1R prior to 12.1R8-S2, 12.1X44 prior to 12.1X44-D30, 12.1X45 prior to 12.1X45-D20 , 12.1X46 version before 12.1X46-D10, 12.2 version before 12.2R7, 12.3 version before 12.3R5, 13.1 version before 13.1R3-S1, 13.2 version before 13.2R2, 13.3 version before 13.3R1
| VAR-201401-0557 | CVE-2014-1201 | plural Lorex Edge Product firmware INetViewX ActiveX Control buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter. Lorex Security DVR Edge Series is the Edge series of digital video recorder products from Lorex Technologies of the United States. A remote buffer overflow vulnerability exists in Lorex Security DVR Edge Series. Failed exploit attempts will result in a denial-of-service condition. Hi,
I have discovered a buffer overflow vulnerability that allows remote code
execution in an ActiveX control bundled by a manufacturer of video
surveillance systems.
The company is Lorex Technologies, a major video surveillance manufacturer
that is very popular in the US and East Asia. I have confirmed that all
16 are vulnerable at this point in time. The
Lorex manual[1] instructs the user to blindly accept the ActiveX control
install when prompted.
The full list of devices, as well as links to the firware download, can be
found in [2]. Their products offer remote video viewing capabilities, and
you can find some of them on Shodan[3].
The buffer overflow can be triggered by a really long string (10000+
characters) in the HTTP_PORT parameter. The instruction pointer can be very
easily controlled in XP by the characters 109 to 113 in the string. Please
refer to the PoC file lorex-testcase.html. You will see that the HTTP_PORT
parameter is composed of D's, apart from chars 109 to 113 which are four
A's. If you open this file in IE after installing the control, you will see
that IE will crash with an EIP of 0x41414141. Changing the four A's to any
other value will cause EIP to crash on that value.
The list below tells a better story about what is affected and how it can
be controlled:
Win XP SP3 with IE6 - Fully exploitable as described
Win XP SP3 with IE8 - Could not get it to crash (????)
Win 7 x64 with IE10 fully patched - Fully exploitable, though not as easy
as for XP (see analyze -v [4] and !exploitable [5] outputs)
To verify this vulnerability you can download and extract the firmware
using binwalk (http://code.google.com/p/binwalk/). To do so, please follow
the instructions in [6], and then install the ActiveX control in
INetViewProj1_02030330.cab.
I have contacted Lorex and they initially said they would fix it, but went
radio silent shortly afterwards.
17.11.2013 - Initial contact via support page
18.11.2013 - Email to sales, no response.
21.11.2013 - Second email to sales, received response by sales saying they
will forward it to technical support and get back to me.
04.12.2013 - Third email to sales saying that technical support never
contacted me back. No response.
08.01.2013 - MITRE assigns CVE-2014-1201 to this issue.
09.01.2013 - Public disclosure.
All references can be found at:
https://github.com/pedrib/PoC/lorexActivex/lorex-report.txt
Proof of concept:
https://github.com/pedrib/PoC/lorexActivex/lorex-testcase.html
Regards,
Pedro Ribeiro (pedrib@gmail.com)
Agile Information Security
| VAR-201401-0501 | CVE-2014-1405 | Conceptronic C54APM Access point open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh In action submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. The Openron redirection vulnerability exists in Conceptronic C54APM. A remote attacker can provide the 'submit-url' parameter in the Refresh operation to the goform/formWlSiteSurvey page or the 'wlan-url' parameter to the goform/formWlanSetup page. The attacker can use the vulnerability to redirect the user to any website and then implement the phishing. attack. Conceptronic C54APM 2.0 is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company
| VAR-201401-0502 | CVE-2014-1406 | Conceptronic C54APM Access point goform/formWlSiteSurvey In CRLF Injection vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response split vulnerability. The goform/formWlSiteSurvey page failed to properly filter the \342\200\230submit-url\342\200\231 parameter in the Refresh operation.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.
Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor