Information security: news week of February 1, 2014

Posted: February 1, 2014 in IT Security News

Serious vulnerability found in the Linux kernel's x32 ABI implementation

A critical vulnerability (CVE-2014-0038) has been detected in the Linux kernel.

The vulnerability allows local users to elevate their privileges and execute code with kernel privileges. The problem occurs only when the kernel is compiled with support for the x32 ABI, which allows the 32-bit memory addressing model to be used on 64-bit systems. The vulnerability manifests itself only on 64-bit builds of the Linux kernel since release 3.4 that were compiled with the CONFIG_X86_X32 option (not to be confused with CONFIG_X86_32; configurations in which 32-bit applications run on a 64-bit kernel, and 32-bit kernels built without x32 ABI support, are not affected).

The vulnerability is present in the 3.11 and 3.8 kernel packages from Ubuntu 13.10 and 12.04 LTS, which are built with limited x32 ABI support. An update for Ubuntu users has been released. The latest vanilla kernel versions, Linux 3.10.28, 3.12.9 and 3.13.1, are also affected. An update for the Linux kernel is not yet available, but a patch has already been prepared. On most distributions you can check whether the kernel was built with CONFIG_X86_X32 using the command “grep CONFIG_X86_X32 /boot/config-`uname -r`”. The stock kernels of Debian GNU/Linux, Fedora, RHEL, openSUSE and Arch Linux are not affected by this problem.
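The check above as a small script, added here as an example and not taken from the advisory: it matches only an enabled CONFIG_X86_X32 (so CONFIG_X86_32 and "is not set" lines do not count) and applies the "since release 3.4" condition. The function names, output labels and the /proc/config.gz fallback are assumptions of this example, and it reports only whether the configuration matches, not whether a vendor fix is installed.

```shell
#!/bin/sh
# Added example: does this kernel match the configuration affected by
# CVE-2014-0038? Function names and output labels are hypothetical.

# x32_config_state FILE -> prints enabled | disabled | unknown
x32_config_state() {
    _cfg=$1
    [ -r "$_cfg" ] || { echo unknown; return 0; }
    case $_cfg in
        *.gz) _reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    _reader="cat" ;;
    esac
    # Anchored match: CONFIG_X86_32=y and "# CONFIG_X86_X32 is not set" must not count.
    if $_reader "$_cfg" | grep -q '^CONFIG_X86_X32=y$'; then
        echo enabled
    else
        echo disabled
    fi
}

# kernel_has_x32_code RELEASE -> 0 if release >= 3.4, 1 if older, 2 if unparseable
kernel_has_x32_code() {
    _major=${1%%.*}
    _rest=${1#*.}
    _minor=${_rest%%[!0-9]*}
    case $_major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$_minor" ] || return 2
    [ "$_major" -gt 3 ] || { [ "$_major" -eq 3 ] && [ "$_minor" -ge 4 ]; }
}

# cve_2014_0038_exposure RELEASE CONFIG -> affected-config | not-affected | unknown
cve_2014_0038_exposure() {
    _rc=0
    kernel_has_x32_code "$1" || _rc=$?
    case $_rc in
        1) echo not-affected; return 0 ;;   # older than 3.4
        2) echo unknown; return 0 ;;
    esac
    case $(x32_config_state "$2") in
        enabled)  echo affected-config ;;   # still verify the vendor update is installed
        disabled) echo not-affected ;;
        *)        echo unknown ;;
    esac
}

# Check the running kernel; fall back to /proc/config.gz if /boot has no config.
rel=$(uname -r)
cfg=/boot/config-$rel
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "$rel: $(cve_2014_0038_exposure "$rel" "$cfg")"
```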

To learn more visit: http://openwall.com/lists/oss-security/2014/01/31/2

Dangerous vulnerability in MediaWiki

A critical vulnerability (CVE-2014-1610) has been discovered in the popular MediaWiki wiki engine. The vulnerability manifests itself if you have enabled file upload support for DjVu or PDF files.

An error in the code that creates thumbnails for DjVu files could allow an attacker to execute arbitrary PHP code on the server. A similar problem exists in the thumbnail-creation code when support for uploading PDF files is enabled, but it appears only when the PdfHandler extension is installed. These problems have been fixed in releases 1.22.2, 1.21.5 and 1.19.11. The vulnerability was identified by Netanel Rubin of Check Point and was promptly fixed on Wikipedia.

To learn more visit: http://lists.wikimedia.org/pipermail/…/2014-January/000140.html

Researchers have detected new Java malware affecting Windows, OS X and Linux platforms

Kaspersky Lab has identified malicious software that is written in Java and affects systems running Windows, OS X and Linux. To penetrate a system, the malware exploits the Java vulnerability CVE-2013-2465, which is present in Java SE 7 Update 21, Java SE 6 Update 45 and earlier versions. Once it has successfully installed itself on a system, the malware begins to receive control commands by connecting to an IRC server and can take part in DDoS attacks (it supports HTTP and UDP floods).

It is noteworthy that, after successfully exploiting this vulnerability on Linux, the malware tries to register itself in the init scripts in /etc/init.d/ so that it is activated after a reboot; this works only if the compromised browser was launched with root privileges.

To learn more visit: http://threatpost.com/…java-bot-used-for-ddos-attacks/103912

Pidgin 2.10.8 update eliminates 17 vulnerabilities

Almost a year after the previous release, a new corrective update of the Pidgin instant messaging client, version 2.10.8, has been presented. Upgrading is strongly recommended because the update eliminates 17 vulnerabilities.

The majority of the vulnerabilities could allow the program to be crashed remotely; however, four vulnerabilities (in the code that parses chunked HTTP requests, MXit emoticons, SIMPLE headers and Gadu-Gadu requests) can lead to a buffer overflow and potentially to execution of the attacker's code.

Non-security changes include support for Python 3 in the supplied build scripts and in plugins written in Python. On Windows, files are no longer launched by default when a file:// link is clicked. The problems with “untrusted” SSL certificates for AIM have been solved. A plugin for integration with the Ubuntu Unity user environment has been included.

It should be noted that after the release was published, a number of problems were identified in version 2.10.8 with connecting to some XMPP servers and with Facebook Chat interaction.

To learn more visit: https://developer.pidgin.im/wiki/ChangeLog

ChewBacca Trojan targets smaller retailers in 11 countries

The Trojan for terminals is spreading most actively in the USA, Russia, Canada and Australia.

Security experts from RSA have discovered botnet activity whose main purpose was the theft of users' bank card data through terminals. As it turned out, it was the ChewBacca virus, which was first described in detail by experts at Kaspersky Lab. According to Kaspersky Lab, the Trojan connects to its C&C server via the Tor anonymity network, which helps hide the IP addresses involved.

According to the RSA experts, the machines that are part of the botnet are located in 11 different countries, and the Trojan is spreading most actively in the USA. In addition, the Trojan is active in Russia, Canada and Australia.

Recall that, according to Kaspersky Lab, the Trojan is a PE32 executable file compiled with the Free Pascal compiler 2.7.1 (dated 22 October 2013), 5 MB in size and including Tor 0.2.3.25. It is known that after launch the virus records keystrokes into “system.log”, which is created in the temporary folder on the victim's system.

To learn more visit: https://blogs.rsa.com/…payment-card-personal-information/
