oss-sec - sfeed_tests - sfeed tests and RSS and Atom files

git clone git://git.codemadness.org/sfeed_tests
---

oss-sec (14380B)

---
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Open Source Security</title>
<link>http://seclists.org/#oss-sec</link>
<atom:link href="http://seclists.org/rss/oss-sec.rss" rel="self" type="application/rss+xml" />
<language>en-us</language>
<description>Discussion of security flaws, concepts, and practices in the Open Source community</description>
<pubDate>Thu, 17 Sep 2020 11:00:03 GMT</pubDate>
<lastBuildDate>Thu, 17 Sep 2020 11:00:03 GMT</lastBuildDate>
<!-- MHonArc v2.6.19 -->



<item>
<title>Apache + PHP <= 7.4.10 open_basedir bypass</title>
<link>http://seclists.org/oss-sec/2020/q3/184</link>
<description><p>Posted by Havijoori on Sep 17</p>Introduction<br>
============<br>
open_basedir security feature can be bypassed when Apache web server runs PHP scripts.<br>
<br>
Proof of Concept<br>
================<br>
1. Set open_basedir as a security feature in php.ini file :<br>
open_basedir = /var/www/html:/tmp<br>
2. Make a directory with the name of your web server&apos;s home directory inside your web server&apos;s home directory :<br>
mkdir -p /var/www/html/var/www/html<br>
3. Make a symlink to a restricted writable...<br></description>
<pubDate>Thu, 17 Sep 2020 10:50:42 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/184</guid>
</item>
<item>
<title>Samba and CVE-2020-1472 ("Zerologon")</title>
<link>http://seclists.org/oss-sec/2020/q3/183</link>
<description><p>Posted by Douglas Bagnall on Sep 17</p>In August, Microsoft patched CVE-2020-1472, which gives administrator<br>
access to an unauthenticated user on a Domain Controller. Microsoft gave<br>
it a CVSS score of 10.<br>
<br>
<a rel="nofollow" href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1472#ID0EUGAC">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1472#ID0EUGAC</a><br>
<br>
The Samba security team was not contacted before the announcement, which<br>
is very sparse on detail, and was unable to learn much through an<br>
established (and generally quite useful) channel for...<br></description>
<pubDate>Thu, 17 Sep 2020 10:48:56 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/183</guid>
</item>
<item>
<title>CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while processing transfer descriptors</title>
<link>http://seclists.org/oss-sec/2020/q3/182</link>
<description><p>Posted by P J P on Sep 17</p> Hello,<br>
<br>
An infinite loop issue was found in the USB OHCI controller emulator of QEMU. <br>
It could occur while servicing OHCI isochronous transfer descriptors (TD) in <br>
ohci_service_iso_td routine, as it retires a TD if it has passed its time <br>
frame. While doing so it does not check if the TD was already processed ones <br>
and holds an error code in TD_CC. It may happen if the TD list has a loop.<br>
<br>
A guest user/process may use this flaw to consume cpu...<br></description>
<pubDate>Thu, 17 Sep 2020 10:15:23 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/182</guid>
</item>


<item>
<title>CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while doing multi block SDMA</title>
<link>http://seclists.org/oss-sec/2020/q3/181</link>
<description><p>Posted by P J P on Sep 16</p> Hello,<br>
<br>
An out-of-bounds r/w access issue was found in the SDHCI Controller emulator <br>
of QEMU. It may occur while doing multi block SDMA, if transfer block size <br>
exceeds the &apos;s-&gt;fifo_buffer[s-&gt;buf_maxsz]&apos; size. It&apos;d leave the current <br>
element pointer &apos;s-&gt;data_count&apos; pointing out of bounds. Leading the subsequent <br>
DMA r/w operation to OOB access issue. A guest user/process may use this flaw <br>
to crash the QEMU...<br></description>
<pubDate>Wed, 16 Sep 2020 18:56:48 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/181</guid>
</item>
<item>
<title>CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet</title>
<link>http://seclists.org/oss-sec/2020/q3/180</link>
<description><p>Posted by P J P on Sep 16</p> Hello,<br>
<br>
An use-after-free issue was found in USB(xHCI/eHCI) controller emulators of <br>
QEMU. It occurs while setting up USB packet, as usb_packet_map() routine may <br>
return an error, which was not checked. A guest user/process may use this flaw <br>
to crash the QEMU process resulting in DoS scenario.<br>
<br>
Upstream patches:<br>
-----------------<br>
-&gt; <a rel="nofollow" href="https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html">https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html</a><br>
-&gt;...<br></description>
<pubDate>Wed, 16 Sep 2020 18:29:25 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/180</guid>
</item>
<item>
<title>Re: [CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12</title>
<link>http://seclists.org/oss-sec/2020/q3/179</link>
<description><p>Posted by Kaxil Naik on Sep 16</p>Correction the issue only affects &lt; 1.10.12 (not &lt;= 1.10.12)<br></description>
<pubDate>Wed, 16 Sep 2020 14:54:19 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/179</guid>
</item>
<item>
<title>Multiple vulnerabilities in Jenkins plugins</title>
<link>http://seclists.org/oss-sec/2020/q3/178</link>
<description><p>Posted by Daniel Beck on Sep 16</p>Jenkins is an open source automation server which enables developers around<br>
the world to reliably build, test, and deploy their software.<br>
<br>
The following releases contain fixes for security vulnerabilities:<br>
<br>
* Blue Ocean Plugin 1.23.3<br>
* computer-queue-plugin Plugin 1.6<br>
* Email Extension Plugin 2.76<br>
* Health Advisor by CloudBees Plugin 3.2.1<br>
* Mailer Plugin 1.32.1<br>
* Perfecto Plugin 1.18<br>
* Pipeline Maven Integration Plugin 3.9.3<br>
* Validating String...<br></description>
<pubDate>Wed, 16 Sep 2020 13:14:57 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/178</guid>
</item>
<item>
<title>[CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12</title>
<link>http://seclists.org/oss-sec/2020/q3/177</link>
<description><p>Posted by Kaxil Naik on Sep 16</p>Versions Affected: &lt;= 1.10.12<br>
Description:<br>
The &quot;origin&quot; parameter passed to some of the endpoints like &apos;/trigger&apos; was<br>
vulnerable to XSS exploit.<br>
<br>
Credit:<br>
The issue was independently discovered and reported by Ali Al-Habsi of<br>
Accellion &amp; Everardo Padilla Saca.<br>
<br>
Thanks,<br>
Kaxil,<br>
on behalf of Apache Airflow PMC<br></description>
<pubDate>Wed, 16 Sep 2020 12:08:37 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/177</guid>
</item>
<item>
<title>Linux Kernel: out-of-bounds reading in vgacon_scrolldelta</title>
<link>http://seclists.org/oss-sec/2020/q3/176</link>
<description><p>Posted by NopNop Nop on Sep 16</p>Hi,<br>
<br>
We found a out-of-bounds reading in vgacon_scrolldelta. This BUG is caused<br>
by &quot;soff&quot; being negative after VT_RESIZE.<br>
<br>
Our PoC (panic with CONFIG_KASAN=y):<br>
<br>
#include &lt;stdio.h&gt;<br>
#include &lt;stdlib.h&gt;<br>
#include &lt;unistd.h&gt;<br>
#include &lt;sys/types.h&gt;<br>
#include &lt;sys/stat.h&gt;<br>
#include &lt;sys/ioctl.h&gt;<br>
#include &lt;fcntl.h&gt;<br>
<br>
int main(int argc, char** argv)<br>
{<br>
int fd = open(&quot;/dev/tty1&quot;, O_RDWR, 0);...<br></description>
<pubDate>Wed, 16 Sep 2020 10:14:45 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/176</guid>
</item>


<item>
<title>[CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability</title>
<link>http://seclists.org/oss-sec/2020/q3/175</link>
<description><p>Posted by William Barrett on Sep 15</p>Affected Versions: Apache Superset &lt; 0.37.1<br>
<br>
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests <br>
via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the <br>
web application process. It was thus possible for an authenticated user to list and access files, environment <br>
variables, and process information. Additionally...<br></description>
<pubDate>Tue, 15 Sep 2020 18:26:51 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/175</guid>
</item>
<item>
<title>CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon</title>
<link>http://seclists.org/oss-sec/2020/q3/174</link>
<description><p>Posted by Minh Yuan on Sep 15</p>Hi,<br>
<br>
I found a out-of-bound write in fbcon_redraw_softback while the kernel<br>
version &lt;= 5.9.rc5. The oldest affected kernel version is 2.2.3.<br>
The root cause of this vulnerability is that the value of vc-&gt;vc_origin is<br>
not updated in time while invoking vc_do_resize.<br>
<br>
This is my PoC (need the permission to open and write the tty, and need to<br>
have a fbcon driver):<br>
<br>
// author by ziiiro@thu<br>
#include &lt;stdio.h&gt;<br>
#include &lt;stdlib.h&gt;...<br></description>
<pubDate>Tue, 15 Sep 2020 11:08:01 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/174</guid>
</item>
<item>
<title>Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerability</title>
<link>http://seclists.org/oss-sec/2020/q3/173</link>
<description><p>Posted by Keval Bhatt on Sep 15</p>Hello,<br>
<br>
Please find below details on CVE fixed in Apache Atlas releases *2.1.0*<br>
<br>
-------------------------------------------------------------------------------------------------<br>
<br>
CVE-2020-13928: Atlas was found vulnerable to a Cross-Site<br>
Scripting in Basic Search functionality.<br>
<br>
Severity: Critical<br>
<br>
Vendor: The Apache Software Foundation<br>
<br>
Versions affected: Apache Atlas versions 2.0.0...<br></description>
<pubDate>Tue, 15 Sep 2020 07:34:08 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/173</guid>
</item>


<item>
<title>[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition</title>
<link>http://seclists.org/oss-sec/2020/q3/172</link>
<description><p>Posted by Francesco Chicchiriccò on Sep 14</p>Description:<br>
When the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to <br>
perform malicious operations, including but not limited to file read, file write, and code execution.<br>
<br>
Severity: Low<br>
<br>
Vendor: The Apache Software Foundation<br>
<br>
Affects:<br>
2.1.X releases prior to 2.1.7<br>
<br>
Solution:<br>
2.1.X users: upgrade to 2.1.7<br>
<br>
Credit:<br>
This issue was discovered by ch0wn of Orz Lab.<br></description>
<pubDate>Mon, 14 Sep 2020 10:57:54 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/172</guid>
</item>


<item>
<title>[CVE-2020-11991] Apache Cocoon security vulnerability</title>
<link>http://seclists.org/oss-sec/2020/q3/171</link>
<description><p>Posted by Cédric Damioli on Sep 11</p>[CVE-2020-11991] Apache Cocoon security vulnerability<br>
<br>
Severity: Important<br>
<br>
Vendor: The Apache Software Foundation<br>
<br>
Versions Affected: Apache Cocoon up to 2.1.12<br>
<br>
Description: When using the StreamGenerator, the code parse a <br>
user-provided XML.<br>
<br>
A specially crafted XML, including external system entities, could be <br>
used to access any file on the server system.<br>
<br>
Mitigation:<br>
<br>
The StreamGenerator now ignores external entities. 2.1.x users should...<br></description>
<pubDate>Fri, 11 Sep 2020 10:07:37 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/171</guid>
</item>


<item>
<title>Re: CVE Request: Linux kernel vsyscall page refcounting error</title>
<link>http://seclists.org/oss-sec/2020/q3/170</link>
<description><p>Posted by Salvatore Bonaccorso on Sep 10</p>CVE-2020-25221 has been assigned by MITRE for this issue (note one<br>
cannot request anymore CVEs through that list but one can use<br>
<a rel="nofollow" href="https://cveform.mitre.org/">https://cveform.mitre.org/</a>)<br>
<br>
Regards,<br>
Salvatore<br></description>
<pubDate>Thu, 10 Sep 2020 14:54:18 GMT</pubDate>
<guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/170</guid>
</item>



<!-- MHonArc v2.6.19 -->
</channel>
</rss>