Blogs

TLS Man in the Middle (MITM) attacks based on renegotiation - patches available for RHEL3,4,5

https://bugzilla.redhat.com/show_bug.cgi?id=533125

A recent paper on TLS renegotiation showed a method for injecting
information into the encrypted stream. This could lead to successful
Man in the Middle (MITM) attacks in an already encrypted stream.

The current mitigation patch that is officially supported by RedHat is
to totally disable encryption re-negotiation. This workaround has been
patched in OpenSSL 0.9.8l.

WordPress < 2.8.6 Arbitrary File Upload Vulnerability

http://www.securityfocus.com/bid/37005/info

"WordPress is prone to a vulnerability that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and
run it in the context of the webserver process. This may facilitate
unauthorized access or privilege escalation; other attacks are also
possible."

TLS Man in the Middle (MITM) attacks based on renegotiation - patches available for RHEL3,4,5

https://bugzilla.redhat.com/show_bug.cgi?id=533125

A recent paper on TLS renegotiation showed a method for injecting
information into the encrypted stream. This could lead to successful
Man in the Middle (MITM) attacks in an already encrypted stream.

The current mitigation patch that is officially supported by RedHat is
to totally disable encryption re-negotiation. This workaround has been
patched in OpenSSL 0.9.8l.

Autocomplete Data Theft in Mozilla Firefox

http://www.securityfocus.com/archive/1/507668

"A malicious web page can extract out all the data stored within the
autocomplete history of a user's Firefox browser. The web page must
convince a user to hold down the left or right-arrow keys then the
contents of the autocomplete popup can be read. This may includes the
search history box within the browser, or other personal details."

"Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox."

Autocomplete Data Theft in Mozilla Firefox

http://www.securityfocus.com/archive/1/507668

"A malicious web page can extract out all the data stored within the
autocomplete history of a user's Firefox browser. The web page must
convince a user to hold down the left or right-arrow keys then the
contents of the autocomplete popup can be read. This may includes the
search history box within the browser, or other personal details."

"Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox."

Adobe Shockwave Player Multiple Remote Code Execution and Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/36905

"Adobe Shockwave Player is prone to a multiple remote code-execution and
denial-of-service vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the
context of the currently logged-in user and to cause denial-of-service
conditions.

Versions prior to Shockwave Player 11.5.2.602 for Microsoft Windows and
Apple Mac OS X are vulnerable. "

Adobe Shockwave Player Multiple Remote Code Execution and Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/36905

"Adobe Shockwave Player is prone to a multiple remote code-execution and
denial-of-service vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the
context of the currently logged-in user and to cause denial-of-service
conditions.

Versions prior to Shockwave Player 11.5.2.602 for Microsoft Windows and
Apple Mac OS X are vulnerable. "

Pages