
SANS ISC InfoSec Community Forums


Adobe, Google and other Patch Tuesday patches

Adobe

Adobe published two advisories today:

(Correction: APSB13-25 was released last month, and I have removed it from this diary. Instead, APSB13-27 was added below)

APSB13-26: Security Updates for Flash Player

This update affects the Windows, OS X and Linux versions of Adobe Flash Player 11.9 (11.2 for Linux), as well as Adobe AIR 3.9. The Flash Player vulnerability is assigned a priority of "1" on Windows and OS X, which indicates an exploit has been sighted in the wild, and Adobe recommends patching "as soon as possible" (72 hrs).

Vulnerabilities that are covered by this patch: CVE-2013-5329, CVE-2013-5330.

APSB13-27: Hotfix for Coldfusion

This hotfix affects ColdFusion 9 as well as 10. Adobe assigned it a priority of 1 for ColdFusion 10 and 2 for ColdFusion 9.x. The hotfix patches two vulnerabilities:

1 - A reflective XSS vulnerability in ColdFusion 9/10 (CVE-2013-5326)
2 - An authentication bypass problem in ColdFusion 10 (CVE-2013-5328)

The second vulnerability, which allows unauthorized remote read access, is probably the reason this hotfix is rated "1" for ColdFusion 10.

Google

Google released a new version of Chrome today: Chrome 31. The update includes 25 security fixes. Not exactly a security fix, but still interesting: Chrome 31 improves the SSL ciphers by adding support for the AES-GCM ciphers.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Dr. J.

2098 Posts
ISC Handler
I'm confused...

APSB13-25 was released last month and Reader 11.0.05 was released on Oct 8th

http://www.adobe.com/support/security/bulletins/apsb13-25.html

??
Anonymous

5 Posts
Thanks. I fixed the diary. I think this may have happened because APSB13-27 isn't live yet, but listed on the security summary page.
Dr. J.

2098 Posts
ISC Handler
Just something I noticed:
I went to: https://www.adobe.com/support/security/bulletins/apsb13-26.html
clicked on the top link and I get: http://get.adobe.com/flashplayer/

Looking in Flagfox I see it is a Ukraine IP: 192.150.16.58
I then went to the top domain in Adobe, then to the downloads page, and I get the same thing.
OpenDNS is my DNS resolver.
Since when did Adobe start hosting the Flash downloads in the Ukraine? I'm thinking it could be bogus.

I just refreshed it twice; now it shows as USA-based Apache, NOT JRun in Ukraine... odd stuff
Big "E"

9 Posts
192.150.16.0/24 seems to be some kind of anycast-announced netblock. So depending where I traceroute from, it would appear to be hosted in Dallas, or Dublin, or ...
Steven C.

170 Posts
Thanks... just seemed odd and after their breach trustworthiness is gone :)
Big "E"

9 Posts
> looking in Flagfox I see it is a Ukraine IP: 192.150.16.58

I looked at www.arin.net/whois -- that /24 is allocated to ADOBE, as are 192.150.15.0/24 and 192.150.17.0/24

Using NSLOOKUP with the '-debug' option shows a TTL of about 30 seconds for the result, either:

Name: get.wip4.adobe.com
Address: 192.150.16.58
Aliases: get.adobe.com

or:

Name: get.wip4.adobe.com
Address: 193.104.215.66
Aliases: get.adobe.com

i.e., somewhere in Texas or somewhere in Europe.

Round-robin load-balancing by Adobe's DNS servers?

adobe.com
nameserver = adobe-dns-03.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-05.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-04.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-02.adobe.com
ttl = 1955 (32 mins 35 secs)
nameserver = adobe-dns-01.adobe.com
ttl = 1955 (32 mins 35 secs)

Comments?
Anonymous

59 Posts
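
Added example (not part of the thread and not any poster's code): the check described in the last comment, written as a Python script that parses the two nslookup answers quoted there and tests each address against the three /24s the commenter reports as allocated to Adobe in ARIN whois. The function names are made up for this illustration; an address outside those prefixes is only flagged for a lookup in its own registry, nothing more is concluded about it.

```python
import ipaddress
import re

# Prefixes the comment above reports as allocated to Adobe in ARIN whois.
ARIN_ADOBE_PREFIXES = [ipaddress.ip_network(p) for p in
                       ("192.150.15.0/24", "192.150.16.0/24", "192.150.17.0/24")]

# The two nslookup answers quoted in the comment, embedded as sample input.
SAMPLE_NSLOOKUP = """\
Name: get.wip4.adobe.com
Address: 192.150.16.58
Aliases: get.adobe.com

Name: get.wip4.adobe.com
Address: 193.104.215.66
Aliases: get.adobe.com
"""

def parse_answers(text):
    """Split nslookup output into answers (hypothetical helper)."""
    answers = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^(Name|Address|Aliases):\s*(\S+)", block, re.M))
        if "Address" in fields:
            answers.append({
                "name": fields.get("Name"),
                "address": ipaddress.ip_address(fields["Address"]),
                "alias": fields.get("Aliases"),
            })
    return answers

def classify(answers, prefixes=ARIN_ADOBE_PREFIXES):
    """Map each answered address to the listed prefix containing it, or None."""
    result = {}
    for a in answers:
        match = next((n for n in prefixes if a["address"] in n), None)
        result[str(a["address"])] = str(match) if match else None
    return result

def needs_whois(answers, prefixes=ARIN_ADOBE_PREFIXES):
    """Addresses outside the listed prefixes: look them up in their own registry."""
    return sorted(ip for ip, net in classify(answers, prefixes).items() if net is None)

if __name__ == "__main__":
    for ip, net in classify(parse_answers(SAMPLE_NSLOOKUP)).items():
        print(ip, "->", net or "not in the listed ARIN prefixes; check its registry")
```

Allocation, not the country a geolocation add-on displays, is what this compares, which is why the anycast and round-robin answers discussed in the thread do not change the result for a given address.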
