cURL/libcURL CVE-2017-1000257 Buffer Overflow Vulnerability



Bugtraq ID: 101519
Class: Boundary Condition Error
CVE: CVE-2017-1000257

Remote: Yes
Local: No
Published: Oct 23 2017 12:00AM
Updated: Oct 23 2017 12:00AM
Credit: Brian Carpenter, Geeknik Labs and 0xd34db347.
Vulnerable:

Redhat Software Collections for RHEL 0
Redhat Enterprise Linux 7
Haxx Libcurl 7.56
Haxx Libcurl 7.55.1
Haxx Libcurl 7.54.1
Haxx Libcurl 7.54
Haxx Libcurl 7.53.1
Haxx Libcurl 7.53
Haxx Libcurl 7.52
Haxx Libcurl 7.51
Haxx Libcurl 7.50.3
Haxx Libcurl 7.50.2
Haxx Libcurl 7.50.1
Haxx Libcurl 7.50
Haxx Libcurl 7.47
Haxx Libcurl 7.46
Haxx Libcurl 7.36
Haxx Libcurl 7.25
Haxx Libcurl 7.23
Haxx Libcurl 7.22
Haxx Libcurl 7.21
Haxx Libcurl 7.20
Haxx Libcurl 7.55.0
Haxx Libcurl 7.52.1
Haxx Libcurl 7.48.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.35.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.7
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.4
Haxx Libcurl 7.21.3
Haxx Libcurl 7.21.2
Haxx Libcurl 7.21.1
Haxx Curl 7.56
Haxx Curl 7.55.1
Haxx Curl 7.55
Haxx Curl 7.54.1
Haxx Curl 7.54
Haxx Curl 7.53.1
Haxx Curl 7.53
Haxx Curl 7.52
Haxx Curl 7.51
Haxx Curl 7.50.3
Haxx Curl 7.50
Haxx Curl 7.47
Haxx Curl 7.46
Haxx Curl 7.36
Haxx Curl 7.25
Haxx Curl 7.23
Haxx Curl 7.22
Haxx Curl 7.21
Haxx Curl 7.20
Haxx Curl 7.52.1
Haxx Curl 7.50.1
Haxx Curl 7.48.0
Haxx Curl 7.40.0
Haxx Curl 7.35.0
Haxx Curl 7.24.0
Haxx Curl 7.23.1
Haxx Curl 7.21.7
Haxx Curl 7.21.6
Haxx Curl 7.21.5
Haxx Curl 7.21.4
Haxx Curl 7.21.3
Haxx Curl 7.21.2
Haxx Curl 7.21.1

Not Vulnerable:

Haxx Libcurl 7.56.1
Haxx Curl 7.56.1

GNU glibc CVE-2017-15671 Local Denial of Service Vulnerability

Vulnerable:

GNU glibc2 2.3.10
  + Debian Linux 2.2
  + Debian Linux 2.2
GNU glibc 2.22.90
GNU glibc 2.12.2
GNU glibc 2.12.1
GNU glibc 2.11.2
GNU glibc 2.11.1
GNU glibc 2.10.1
GNU glibc 2.5
GNU glibc 2.3.10
  + Debian Linux 2.2
GNU glibc 2.3.4
GNU glibc 2.3.3
  + MandrakeSoft apcupsd 2006.0
  + Mandriva Linux Mandrake 10.1 x86_64
  + Mandriva Linux Mandrake 10.1
  + Mandriva Linux Mandrake 10.0 AMD64
  + Mandriva Linux Mandrake 10.0
  + Redhat Fedora Core2
GNU glibc 2.3.2
  + Redhat Linux 9.0 i386
  + Redhat Linux 8.0
  + Trustix Secure Linux 2.0
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
GNU glibc 2.3.1
  + Mandriva Linux Mandrake 9.1 ppc
  + Mandriva Linux Mandrake 9.1
  + Slackware Linux 9.0
GNU glibc 2.3
GNU glibc 2.2.5
  + Debian Linux 3.0 sparc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 alpha
  + Debian Linux 3.0
  + Gentoo Linux 0.7
  + Gentoo Linux 0.5
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + Mandriva Linux Mandrake 9.0
  + Redhat Linux 7.3 i386
  + Redhat Linux 7.3
  + Slackware Linux 8.1
GNU glibc 2.2.4
  + Caldera OpenLinux Server 3.1.1
  + Caldera OpenLinux Server 3.1
  + Caldera OpenLinux Workstation 3.1.1
  + Caldera OpenLinux Workstation 3.1
  + HP Secure OS software for Linux 1.0
  + Mandriva Linux Mandrake 8.2 ppc
  + Mandriva Linux Mandrake 8.2
  + Mandriva Linux Mandrake 8.1 ia64
  + Mandriva Linux Mandrake 8.1
  + Redhat Enterprise Linux AS 2.1 IA64
  + Redhat Enterprise Linux AS 2.1
  + Redhat Enterprise Linux ES 2.1 IA64
  + Redhat Enterprise Linux ES 2.1
  + Redhat Enterprise Linux WS 2.1 IA64
  + Redhat Enterprise Linux WS 2.1
  + Redhat Linux 7.2 i686
  + Redhat Linux 7.2 i386
  + Redhat Linux 7.1 ia64
  + Redhat Linux 7.1 i686
  + Redhat Linux 7.1 i386
  + Redhat Linux 7.1 alphaev6
  + Redhat Linux 7.1 alpha
  + Redhat Linux 7.0 alphaev6
  + Redhat Linux 7.0 i686
  + Redhat Linux 7.0 i386
  + Redhat Linux 7.0 alpha
  + Redhat Linux Advanced Work Station 2.1
  + S.u.S.E. Linux 8.0 i386
  + S.u.S.E. Linux 8.0
  + S.u.S.E. Linux 7.3 sparc
  + S.u.S.E. Linux 7.3 ppc
  + S.u.S.E. Linux 7.3 i386
  + S.u.S.E. Linux 7.3
  + S.u.S.E. Linux Database Server 0
  + S.u.S.E. Linux Enterprise Server for S/390
  + S.u.S.E. Linux Firewall on CD
  + S.u.S.E. SuSE eMail Server III
  + Sun Linux 5.0.7
  + Sun Linux 5.0.6
  + Sun Linux 5.0.5
  + Sun Linux 5.0.3
  + Sun Linux 5.0
  + SuSE SUSE Linux Enterprise Server 7
GNU glibc 2.2.3
GNU glibc 2.2.2
  + Mandriva Linux Mandrake 8.0 ppc
  + Mandriva Linux Mandrake 8.0
  + S.u.S.E. Linux 7.2 i386
  + S.u.S.E. Linux 7.2
GNU glibc 2.2.1
GNU glibc 2.2
  + S.u.S.E. Linux 7.1 x86
  + S.u.S.E. Linux 7.1 sparc
  + S.u.S.E. Linux 7.1 ppc
  + S.u.S.E. Linux 7.1 alpha
  + S.u.S.E. Linux 7.1
  + Wirex Immunix OS 7+
GNU glibc 2.1.9
GNU glibc 2.1.3
  + Debian Linux 2.2 sparc
  + Debian Linux 2.2 powerpc
  + Debian Linux 2.2 IA-32
  + Debian Linux 2.2 arm
  + Debian Linux 2.2 alpha
  + Debian Linux 2.2 68k
  + Debian Linux 2.2
  + EnGarde Secure Linux 1.0.1
  + HP Secure OS software for Linux 1.0
  + MandrakeSoft Corporate Server 1.0.1
  + MandrakeSoft Single Network Firewall 7.2
  + Mandriva Linux Mandrake 7.2
  + Mandriva Linux Mandrake 7.1
  + Openwall Openwall GNU/*/Linux 0.1 -stable
  + Redhat Linux 6.2 sparcv9
  + Redhat Linux 6.2 sparc
  + Redhat Linux 6.2 i386
  + Redhat Linux 6.2 alpha
  + Redhat Linux 6.2
  + S.u.S.E. Linux 7.0 sparc
  + S.u.S.E. Linux 7.0 ppc
  + S.u.S.E. Linux 7.0 i386
  + S.u.S.E. Linux 7.0 alpha
  + S.u.S.E. Linux 7.0
  + S.u.S.E. Linux 6.4 ppc
  + S.u.S.E. Linux 6.4 i386
  + S.u.S.E. Linux 6.4 alpha
  + S.u.S.E. Linux 6.4
  + Trustix Secure Linux 1.5
  + Trustix Secure Linux 1.2
  + Trustix Secure Linux 1.1
  + Trustix Secure Linux 1.0 1
GNU glibc 2.1.2
GNU glibc 2.1.1 -6
  + Redhat Linux 6.0
GNU glibc 2.1.1
GNU glibc 2.1
GNU glibc 2.0.6
GNU glibc 2.0.5
GNU glibc 2.0.4
GNU glibc 2.0.3
GNU glibc 2.0.2
GNU glibc 2.0.1
GNU glibc 2.0
GNU glibc 2.9
GNU glibc 2.8
GNU glibc 2.7
GNU glibc 2.6.1
GNU glibc 2.6
GNU glibc 2.5.1
GNU glibc 2.4
GNU glibc 2.3.6
GNU glibc 2.3.5
GNU glibc 2.26
GNU glibc 2.25
GNU glibc 2.24
GNU glibc 2.23
GNU glibc 2.22
GNU glibc 2.21
GNU glibc 2.20
GNU glibc 2.19
GNU glibc 2.18
GNU glibc 2.17
GNU glibc 2.16
GNU glibc 2.15
GNU glibc 2.14.1
GNU glibc 2.14
GNU glibc 2.13
GNU glibc 2.12
GNU glibc 2.11.3
GNU glibc 2.11
GNU glibc 2.10
GNU glibc 2.1.3.10
GNU Cfengine 1.2.3

Google to add “DNS over TLS” security feature to Android OS

No doubt, your Internet Service Provider (ISP) or network-level hackers cannot spy on HTTPS communications.

But did you know that ISPs can still see all of your DNS requests, allowing them to know which websites you visit?

Google is working on a new security feature for Android that could protect your Internet traffic from network spoofing attacks.

Almost every Internet activity starts with a DNS query, making it a fundamental building block of the Internet. DNS works as the Internet’s phone book, resolving human-readable web addresses, like thehackernews.com, to their IP addresses.

DNS queries and responses are sent in clear text (using UDP or TCP) without encryption, which makes them vulnerable to eavesdropping and compromises privacy.

ISPs by default resolve DNS queries from their servers. So when you type a website name in your browser, the query first goes to their DNS servers to find the website’s IP address, which eventually exposes this information (metadata) to your ISP.

Moreover, DNS Security Extensions, widely known as DNSSEC, only offer data integrity, not privacy.

To address this problem, the Internet Engineering Task Force (IETF) last year proposed an experimental feature called DNS over TLS (RFC 7858), which works approximately the same way HTTPS does.

Just as the Transport Layer Security (TLS) protocol secures HTTPS connections cryptographically, DNS-over-TLS dramatically enhances privacy and security with end-to-end authenticated DNS lookups.
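The following Python sketch is an added example, not code from the original article or from Android. It shows that a DNS-over-TLS lookup is the ordinary DNS wire-format query, with the hostname readable in its bytes, framed with a two-octet length and sent inside a certificate-verified TLS session on port 853. The function names and the `resolver_ip` and `resolver_hostname` parameters are assumptions; the caller supplies a resolver it trusts.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # TCP port assigned to DNS over TLS in RFC 7858


def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard DNS query; txid is a constructed default for the example."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class IN


def frame(message):
    """Add the two-octet length prefix used for DNS over TCP and over TLS."""
    return struct.pack("!H", len(message)) + message


def read_framed(recv):
    """Read one length-prefixed DNS message via recv(n), tolerating short reads."""
    def read_exact(n):
        buf = b""
        while len(buf) < n:
            chunk = recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed before a full message arrived")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", read_exact(2))
    return read_exact(length)


def rcode_and_answers(response):
    """Return (RCODE, answer count) from the 12-byte DNS response header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    return flags & 0x000F, ancount


def resolve_over_tls(name, resolver_ip, resolver_hostname, timeout=5.0):
    """Send one query inside TLS; resolver_ip/resolver_hostname are caller-supplied."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((resolver_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_hostname) as tls:
            tls.sendall(frame(build_query(name)))
            return read_framed(tls.recv)
```

The `server_hostname` argument also places the resolver's name in the cleartext SNI field of the handshake; that names the resolver, not the site being looked up.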

Google is reportedly adding “DNS over TLS” support to the Android Open Source Project (AOSP), currently at an experimental stage, to allow smartphone users to turn the “DNS over TLS” feature on or off under the Developer Options settings.

“Presumably, if such an option is being added to Developer Options, then that means it is in testing and may arrive in a future version of Android such as version 8.1.” Xda-developers said in a blog post.

However, just enabling the “DNS over TLS” feature would not prevent your ISP from knowing which websites you visit.

Server Name Indication (SNI), an extension of the TLS protocol, also tells ISPs which hostname is being contacted by the browser at the beginning of the ‘handshake’ process.

So to enjoy full anonymity, users are still required to use a trusted secure VPN service in combination with the DNS-over-TLS protocol.

RHSA-2017:2998-1: Critical: java-1.8.0-openjdk security update

Red Hat Enterprise Linux: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

RHSA-2017:2997-1: Important: chromium-browser security update

Red Hat Enterprise Linux: An update for chromium-browser is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5130, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133

New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet

Just a year after Mirai, the biggest IoT-based malware, caused vast Internet outages by launching massive DDoS attacks, security researchers are now warning of a brand new, rapidly growing IoT botnet.

Dubbed ‘IoT_reaper’ and first spotted in September by researchers at the firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves them into a botnet.

IoT_reaper malware currently includes exploits for nine previously disclosed vulnerabilities in IoT devices from the following manufacturers:

  • Dlink (routers)
  • Netgear (routers)
  • Linksys (routers)
  • Goahead (cameras)
  • JAWS (cameras)
  • AVTECH (cameras)
  • Vacron (NVR)

Researchers believe IoT_reaper malware has already infected nearly two million devices and is growing continuously at an extraordinary rate of 10,000 new devices per day.

This is extremely worrying because it took only 100,000 infected devices for Mirai to take down DNS provider Dyn last year using a massive DDoS attack.

Besides this, researchers noted that the malware also includes more than 100 open DNS resolvers, enabling it to launch DNS amplification attacks.

“Currently, this botnet is still in its early stages of expansion. But the author is actively modifying the code, which deserves our vigilance.” Qihoo 360 researchers say.

Meanwhile, researchers at CheckPoint are also warning of what is probably the same IoT botnet, named “IoTroop,” that has already infected hundreds of thousands of organisations.

“It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organisations make proper preparations and defence mechanisms are put in place before attack strikes.” researchers said.

According to CheckPoint, IoTroop malware also exploits vulnerabilities in Wireless IP Camera devices from GoAhead, D-Link, TP-Link, AVTECH, Linksys, Synology and others.

At this time it is not known who created this and why, but the DDoS threat landscape is skyrocketing and could reach tens of terabits-per-second in size.

“Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.” CheckPoint researchers warned.

You need to be more vigilant about the security of your smart devices. In our previous article, we have provided some essential, somewhat practical, solutions to protect your IoT devices.


Multiple vulnerabilities in BMC Remedy

Posted by Simon Rawet on Oct 20

Document Title
==============
Multiple vulnerabilities in BMC Remedy

Reported By
===========
Simon Rawet from Outpost24
Kristian Varnai from Outpost24

Vendor description
==================
“Remedy Service Management Suite is an enterprise service management
platform built natively for mobile with an intuitive, people-centric
user experience that makes your whole organization more productive.”
Source:…
