by CIRT Team
Linux Kernel CVE-2017-2636 Local Privilege Escalation Vulnerability
Description: Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Impact: Local attackers may exploit this issue to gain elevated privileges. Mitigation: Updates are available. Please check the respective vendor advisory for more information. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636 https://access.redhat.com/security/cve/cve-2017-2636 https://security-tracker.debian.org/tracker/CVE-2017-2636 https://kalilinux.co/2017/03/17/cve-2017-2636-linux-kernel-flaw-can-local-privilege-escalation/#.WM-uEmclHIU
by CIRT Team
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability: CVE-2017-3881
Description CVE-2017-3881: Cisco is warning of a new critical IOS / IOS XE vulnerability that affects more than 300 of its switch models. A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. Impact: An...
Read More
by CIRT Team
Apache Struts 2 Vulnerability Leads to Remote Code Execution (CVE-2017-5638)
Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017. Impact: This vulnerability allows for unauthenticated, remote code execution on the server. Mitigation: Upgrade to Struts 2.3.32 or Struts 2.5.10.1...
Read More
by CIRT Team
WordPress versions 4.7.2 and earlier are affected by six security issues
Description: Cross-site scripting (XSS) via media file metadata. Control characters can trick redirect URL validation Unintended files can be deleted by administrators using the plugin deletion functionality Cross-site scripting (XSS) via video URL in YouTube embeds. Cross-site scripting (XSS) via taxonomy term names. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources Impact: Intruder may perform malicious activity by exploiting...
Read More
by CIRT Team
Roundcube 1.2.2 – Remote Code Execution Vulnerability
Description: In Roundcube 1.2.2 and earlier, user-controlled input flows unsanitized into the fifth argument of a call to PHP’s built-in function mail() which is documented as security critical. The problem is that the invocation of the mail() function will cause PHP to execute the sendmail program. The fifth argument allows to pass arguments to this execution which allows a configuration of sendmail. Since sendmail offers...
Read More
by CIRT Team
Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2016-0028: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka “Microsoft Exchange Information Disclosure Vulnerability.” Impact: An attacker can exploit this issue to conduct spoofing attacks...
Read More
by CIRT Team
Exim < 4.86.2 - Privilege Escalation Vulnerability
Description: CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument. Impact: When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531 https://www.exim.org/static/doc/CVE-2016-1531.txt https://github.com/Exim/exim/wiki/EximSecurity
by CIRT Team
Zimbra Collaboration Server 7.2.2 / 8.0.2 – Local File Inclusion Vulnerability
Description: CVE-2013-7091: Directory traversal vulnerability on /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Impact: An attacker can exploit this vulnerability to obtain potentially sensitive information like LDAP root credentials and execute arbitrary...
Read More
by CIRT Team
Linux Kernel 4.4.1 – REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation vulnerability
Description: CVE-2016-0728: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Impact: Local attackers may exploit this issue to gain root privileges. Mitigation: Vendor has released patch version. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728 https://access.redhat.com/security/cve/cve-2016-0728 https://security-tracker.debian.org/tracker/CVE-2016-0728 https://www.suse.com/security/cve/CVE-2016-0728/
by CIRT Team
Apache Struts – Dynamic Method Invocation – Remote Code Execution
Description: CVE-2016-3081: Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2 and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled allows remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Mitigation: Vendor has...
Read More
