Wednesday, August 24, 2011

Thunderbird, FireFox and WebKit vulnerabilities fixed on Ubuntu and Fedora

Ubuntu has announced that security vulnerabilities affecting WebKit libraries have been fixed and users are encouraged to upgrade. The announcement can be found at http://www.ubuntu.com/usn/usn-1195-1/ If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of
service attacks, and arbitrary code execution. WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple's Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.

Fedora released a new version of FireFox and Thunderbird that fixes multiple security vulnerabilities. The details can be found at http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064383.html

Friday, May 20, 2011

glibc vulnerability - privilege escalation

This is an announcement that should have been posted when it was sent to the site security contact in April. Posting now to make sure it's included on the blog for everyone.

In coordination with the EGI CSIRT team.

Title: HIGH risk glibc vulnerability - privilege escalation
(CVE-2011-0536) [EGI-ADV-20110412]
Date: April 12, 2011
Last update: April 12, 2011
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/glibc-2011-04-12

Introduction
============

A flaw has been found in the dynamic linker component of the GNU
C library. A local attacker could use this flaw to escalate their
privileges via a setuid or setgid program which is dynamically linked
to a library with certain properties.

This vulnerability affects both RH5 and RH6 and their variants.

EGI CSIRT considers this to be a HIGH vulnerability for now and might
raise it to CRITICAL if a working exploit is made public

Details
=======

The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH and
RUNPATH entries in the ELF library header. A local attacker could use this
flaw to escalate their privileges via a setuid or setgid program using
such a library. (CVE-2011-0536)

RH security team confirmed that reporter (of this vulnerability)
indicated an intention to make exploit public after waiting some time

to give users and downstream distros an opportunity to pick up the fix.

Mitigation
==========

The only known mitigation is to apply the security patch from the software
vendor.

Recommendations
===============

It is STRONGLY recommended to immediately apply vendor patches when they
become available.

Vendor patches are now available from

* Ubuntu
* Debian
* RHEL5/6
* SL5/6

To be released:

* CentOS5/6

References
==========
RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0536

RHEL5 update:
https://rhn.redhat.com/errata/RHSA-2011-0412.html

RHEL6 update:
https://rhn.redhat.com/errata/RHSA-2011-0413.html

SL5/6 update:
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1104&L=scientific-linux-errata
&T=0&P=583

SLC5 update:
http://linux.web.cern.ch/linux/updates/updates-slc5.shtml

SLC6 update:
http://linux.web.cern.ch/linux/updates/updates-slc6.shtml

Debian update:
http://lists.debian.org/debian-security-announce/2011/msg00005.html

Ubuntu update:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/0012
26.html

Regards,

Mingchao, EGI CSIRT security officer on duty