Google's mobile operating system, Android, discloses sensitive information about the network configuration to installed applications that subscribe to certain internal messages broadcast by the system.
The phone's MAC address, the BSSID, the network name, the network's IP range, the gateway IP, the DNS servers... All of this information is disclosed by the Android operating system (without requesting additional permissions) up to version 8; version 9 already contains the patches needed to stop exposing it. The funny thing is that Android stopped exposing the device's real MAC address through the recommended API as of version 6, but they forgot to remove this information from the internal messages. It should also be noted that this information can be accessed legitimately as long as a special permission is requested, but this flaw allows access without that permission.
More info:
Hispasec
More info:
https://wpvulndb.com/vulnerabilities/9123
Apache Tomcat vulnerability CVE-2018-8034. Security Advisory. Security Advisory Description. The host name verification ...
More info:
https://support.f5.com/csp/article/K34468163
Apache Tomcat vulnerability - CVE-2018-8037. Security Advisory. Security Advisory Description. If an async request was ...
More info:
https://support.f5.com/csp/article/K98776835
Linux kernel vulnerability CVE-2016-5343. Security Advisory. Security Advisory Description. drivers/soc/qcom/qdsp6v2/voice_svc ...
More info:
https://support.f5.com/csp/article/K50462644
Today VMware has released the following new security advisory: VMSA-2018-0023 – AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities. Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories. Customers should review the security advisories and direct any questions to VMware Support.
More info:
https://blogs.vmware.com/security/2018/09/new-vmware-security-advisory-vmsa-2018-0023.html
Zhaoyang Wu discovered that cURL, a URL transfer library, contains a buffer overflow in the NTLM authentication code triggered by passwords that exceed 2GB in length on 32-bit systems.
More info:
https://www.debian.org/security/2018/dsa-4286
More info:
https://wpvulndb.com/vulnerabilities/9122
Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list.conf prohibits it.
More info:
https://www.debian.org/security/2018/dsa-4285
Quang Nguyen discovered an integer overflow in the Little CMS 2 colour management library, which could result in denial of service and potentially the execution of arbitrary code if a malformed IT8 calibration file is processed.
More info:
https://www.debian.org/security/2018/dsa-4284