Daily Archives: July 19, 2018

CVE-2016-10727 (evolution, ubuntu_linux)

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Microsoft detected Russian phishing attacks on three 2018 campaigns

Russia is still launching cyberattacks against the US, a Microsoft exec has revealed, contradicting what the President claimed just a few days ago. According to Microsoft VP for customer security and trust Tom Burt, his team discovered a spear-phishing campaign targeting three candidates running for office in 2018. Burt announced his team's findings while speaking on a panel at the Aspen Security Forum, where he also revealed that they traced the new campaign to a group believed to be operated by the GRU, Russia's largest foreign intelligence agency. In other words, those three candidates are being targeted by the same organization that infiltrated the DNC and Hillary Clinton's Presidential campaign in 2016.

Source: Buzzfeed News, Aspen Institute (YouTube)

CVE-2018-8018 (ignite)

The serialization mechanism in Apache Ignite 2.5 and earlier does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when third-party vulnerable classes are present in the Ignite classpath. The vulnerability can be exploited if one sends a specially prepared form of a serialized object to the GridClientJdkMarshaller deserialization endpoint.

CVE-2018-14421 (seacms)

SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

CVE-2017-18343 (symfony)

** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.

CVE-2018-14439 (eos4j)

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

Powering our customers: the innovation story behind Microsoft’s earnings

With Microsoft’s fourth quarter earnings, we delivered double-digit revenue growth across all segments anchored by the growing success in our commercial cloud as technology helps our customers power their innovation. Recently organizations like GE, PGA, NBA, Marks & Spencer, Starbucks, InMobi, Bayer and Telefonica shared how they are leveraging cloud and artificial intelligence to support growth and deliver great employee and customer experiences. Across industries and solution areas, here are some of the latest examples.

This week we unveiled a strategic partnership with Walmart as the company’s preferred cloud provider and strategic partner to accelerate its digital transformation in retail. Through a five-year agreement, Walmart has selected the full range of Microsoft cloud solutions, including Microsoft Azure and Microsoft 365 for enterprise-wide use, to help standardize across the company’s family of brands. Using a broad base of cloud, AI and Internet of Things (IoT) solutions, the company plans to further its mission in creating incredibly convenient ways for customers to shop and empower associates to do their best work.

We announced Campbell Soup Company selected Microsoft Azure. The much-loved soup and snack company announced plans to drive IT transformation with the help of a global hybrid cloud solution. Campbell chose Azure to increase the flexibility, agility and resiliency of its always-on IT, provide employees with real-time access to customized information and insights, and optimize its complex supply chain.

At Microsoft Inspire this week, I was also thrilled to feature on stage Carlsberg and its ongoing digital transformation. For 171 years, the Carlsberg Group has been brewing for a better today and tomorrow. Now, the iconic brewery group is leveraging AI and IoT on Azure to bring more science to the craft of beer, increase speed to market and improve quality control through the “Beer Fingerprinting Project.”

Also onstage at Inspire, Microsoft CEO Satya Nadella shared how Walt Disney World Resort technology and conservation teams partnered with Microsoft to help develop the “tiniest smart homes” for the songbirds called purple martins. Purple martins are a unique species of bird that travel between South and North America each year to raise a family, but unfortunately their population is in decline. By outfitting birdhouses at Disney’s Animal Kingdom, using Azure IoT Edge with computer vision and building models to recognize important events, Disney scientists are able to learn more about the species and help inspire a new generation of conservationists in the parks. The scientists have unprecedented insight now into the nesting behavior of the purple martins. They are also creating new experiences for guests and have even built an augmented reality game on a tablet to help guests learn about what it takes to be a great purple martin parent.

We are seeing additional momentum in Azure IoT with one of our first customers for the new Azure Sphere. For more than 70 years, Sub-Zero and Wolf have built a legacy of innovation in food preservation and preparation. As the company looks toward the next wave of innovation, along with its new Cove dishwasher brand, Sub-Zero sees an opportunity to create more personalized experiences through connected products. Securing these products over the lifetime of the device is a top priority, and they are planning to use Azure Sphere as a comprehensive solution for future products to address security holistically at every layer.

When it comes to the modern workplace solution, we are seeing continued momentum across customers in the enterprise. The nearly 40,000 employees of Eli Lilly are on a mission to make medicines that help people live longer, healthier, more active lives. That is why Lilly takes a collaborative approach to discovering and developing new medicines — between lab researchers and the rest of the company, as well as with a global network of physicians, medical researchers and healthcare organizations — and has selected Microsoft 365 to bring together scientists across hundreds of locations and organizations and truly empower the workforce.

Across our Windows 10 and Surface business, we see customers taking advantage of how the right device can light up the modern workplace for employees. Melbourne-based infrastructure, building and rail leader John Holland selected 1,200 Surface Pros with LTE to power its field workers across large geographical construction zones. Using cellular and Wi-Fi, the Surface devices seamlessly connect workers with key information like blueprints and documents at project sites. As a Microsoft 365 E5 customer, the company has also deployed Surface Hub and Surface Book 2 devices. By standardizing on Microsoft modern workplace, John Holland is helping deliver a better experience to employees and a higher standard to customers.

With growing investments in Dynamics 365 as our third cloud, we are continuing to drive value for customers across various industries. National Oilwell Varco (NOV), a leading provider of technology, equipment and services for the global oil and gas industry, is deploying Dynamics 365 across its sales and field service networks worldwide. This deployment enables NOV to optimize productivity and minimize downtime by streamlining business processes and delivering a mobile-first approach to field service operations. NOV is investing in state-of-the-art technology and cloud services to deliver premier, customized experiences to customers.

Across every industry, businesses are expanding their digital business. These are just some of the most recent examples of leading enterprises choosing Microsoft solutions to help them transform customer experiences, fuel employee creativity and collaboration, innovate operations and bring new products to market.

 

The post Powering our customers: the innovation story behind Microsoft’s earnings appeared first on The Official Microsoft Blog.

CVE-2018-3859 (canvas_draw)

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.

CVE-2018-3871 (canvas_draw)

An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.

CVE-2018-3857 (canvas_draw)

An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.

CVE-2018-3870 (canvas_draw)

An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.

CVE-2018-3860 (canvas_draw)

An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.

CVE-2018-3858 (canvas_draw)

An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.

CVE-2018-7602 (debian_linux, drupal)

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

CVE-2018-14332 (clementine)

An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.

CVE-2018-5533 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator)

Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVE-2018-5540 (big-ip_domain_name_system, big-ip_global_traffic_manager, big-iq_centralized_management, big-iq_cloud_and_orchestration, enterprise_manager, f5_iworkflow)

On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0, the big3d process does not irrevocably minimize group privileges at start up.

CVE-2018-5534 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator)

Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic.

CVE-2018-5535 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator)

On F5 BIG-IP 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.2.1-11.6.3, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data, causing TMM to restart and resulting in a denial of service.

CVE-2018-1529 (rational_doors_next_generation, rational_requirements_composer)

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291.

CVE-2018-5532 (big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator)

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name.

CVE-2018-1535 (rational_rhapsody_design_manager, rational_software_architect_design_manager)

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124557.

CVE-2018-1536 (rational_rhapsody_design_manager, rational_software_architect_design_manager)

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558.

CVE-2018-1587 (rational_rhapsody_design_manager, rational_software_architect_design_manager)

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 could reveal technical error messages to allow an adversary to gain information about the application and database that could be used to conduct further attacks. IBM X-Force ID: 143500.

CVE-2018-1585 (rational_rhapsody_design_manager, rational_software_architect_design_manager)

IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143498.

CVE-2018-14404 (debian_linux, libxml2, ubuntu_linux)

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

CVE-2017-7481 (ansible_engine, gluster_storage, openshift_container_platform, openstack, virtualization)

Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.

CVE-2017-2673 (openstack)

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.