This archive contains all of the 107 exploits added to Packet Storm in August, 2014.
c0bd4ec0e7c6e58f66fd9639d9076a94d00be1b0b74a6f2be8d565a05411bf76
Ubuntu Security Notice 2326-1 - A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. A use-after-free was discovered in the DOM implementation in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. Various other issues were also addressed.
c087630bfc5c5aa44fb205e902b3cbf2c3bff0c84b3e295fb5a78649f2413175
LogAnalyzer version 3.6.5 suffers from a cross site scripting vulnerability.
f98069f7596bd8fbfa00152848840528932d6b666d0df8a98d6f10bd92a35b5a
Core Security Technologies Advisory - Advantech WebAccess version 7.2 suffers from multiple buffer overflow vulnerabilities.
909690e95e7b916c1fbab64b4af5b09fb3ba04112c7ca47c95bbd232e68cb553
WWW File Share Pro version 7.0 suffers from a denial of service vulnerability.
7906f2aef912292473f86a0578ea86239c0f55b56e587c612027048f6fa0d8df
WordPress Huge IT Image Gallery version 1.0.0 suffers from a remote SQL injection vulnerability.
075f677fcde869f4908548df7534813f4628cf4536ab7bce5fffdb634058cae1
Facebook Messenger and Facebook App suffer from a cross site scripting vulnerability due to a lack of file content validation.
984facfb08f08d6659766f7d97fe50566a9cb53325e50fee998518109f250154
Red Hat Security Advisory 2014-1123-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All devtoolset-2-axis users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
fc012b67d580e6a5d54fae42870f3b6522d860d01b90618b5a96102cc6098b22
Red Hat Security Advisory 2014-1122-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.
71b6f0ad7ddb66e33912a20d961626d48d2e9236eca25ead95ebf368c0a626c4
Red Hat Security Advisory 2014-1119-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.
e45e8a7407272e99e406cd674a173ea013d37365242b61f7070157988c150857
Red Hat Security Advisory 2014-1121-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected.
0683cdbc0a1a356cd2e6d084fb9d174032025d4ff4a6f905d4b1ddde9da842d6
Red Hat Security Advisory 2014-1118-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
7fca1af74122ae5f8f810bdf1a8f77314889651cb17c53f6c538685a4e6f6ab2
Ubuntu Security Notice 2329-1 - Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang and David Weir discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked into opening a specially crafted page, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
0c551f46a6d816a4b21607bbb9b40caf55b0faf11cbe2cb3fa7d0bdd49a0f838
Red Hat Security Advisory 2014-1120-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in neutron's handling of allowed address pairs. As there was no enforced quota on the amount of allowed address pairs, a sufficiently authorized user could possibly create a large number of firewall rules, impacting performance or potentially rendering a compute node unusable.
8de0d30b6ea642ca8fc6967171ced5c81286dc7ba44aa5e3eba3418211435541
Ubuntu Security Notice 2337-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.
5ea5d0d4314836f6fa6b24d0a0cb4c1a706d5ad137e84b32d12c47f0bb15b899
Ubuntu Security Notice 2336-1 - A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. Various other issues were also addressed.
dc7e46f4955a3c32910dc04c40a47f9d4510df5db2814339aa3608859251c2df
Ubuntu Security Notice 2335-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.
1f6469115ae1e9bf66756c1ba511a70b860e32a6a371a0d0f97c5240fda89fc0
Ubuntu Security Notice 2334-1 - A flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Various other issues were also addressed.
320de95f33b6f9a2559cca5cb221b03f3c70a08b3d9447fe4ab94e546233d565
Ubuntu Security Notice 2333-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernel's syscall auditing on 32-bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
937ac3be9b799434ac81bf071aed2f115c6f145b2044ee77c51f45a088575c99
Ubuntu Security Notice 2332-1 - A bug was discovered in the handling of pathname components when used with an autofs direct mount. A local user could exploit this flaw to cause a denial of service (system crash) via an open system call. Toralf reported an error in the Linux kernel's syscall auditing on 32-bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). An information leak was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory. Various other issues were also addressed.
d9919ad7ce17798e27ac5fdcd220af2dd382306a3e0b6db94d1b04fc95bac660
Debian Linux Security Advisory 3017-1 - Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the CAS authentication protocol, did not encode tickets before adding them to a URL, creating a possibility for cross site scripting.
bc5a63f1ac06cd36d7a8fab0eda47982012e60a2fd52372d7bc36def64dd38b3
Ubuntu Security Notice 2331-1 - Rohan Durve and James Kettle discovered LibreOffice Calc sometimes allowed for command injection when opening spreadsheets. If a user were tricked into opening a crafted Calc spreadsheet, an attacker could exploit this to run programs as your login.
e975a73a0a442074aa9887bddf891c938e8f8401b536a2d8d8041170fede7576
Mandriva Linux Security Advisory 2014-171 - In dhcpcd before 6.4.3, a specially crafted packet received from a malicious DHCP server caused dhcpcd to enter an infinite loop, causing a denial of service.
a1babf00b9cb9418b52edff55fb21fc85d9d43da50ff59fd19b491084b4c700f
Mandriva Linux Security Advisory 2014-170 - Updated jakarta-commons-httpclient and httpcomponents-client packages. The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
116796f502a4a28c6bc079a5cec811f6f2804bb347547540e5d4aaf676368443
Mandriva Linux Security Advisory 2014-169 - Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
f5bd598a395b6c05ed00bff7322ba053ea6bda85e2b6ae397f5bc9946a6a1af1