copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2013.0501.2 - UPDATE [Win] Microsoft Sharepoint ...
 

ESB-2013.0501.2 - UPDATE [Win] Microsoft Sharepoint Server 2013: Access confidential data - Existing account
Date: 10 April 2013

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2013.0501.2
 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
                               10 April 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Sharepoint Server 2013
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1290  

Original Bulletin: 
   https://technet.microsoft.com/en-us/security/bulletin/ms13-030

Revision History:  April 10 2013: Updated the Summary
                   April  9 2013: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS13-030 - Important

Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

Published Date: April 9, 2013

Version: 1.0

General Information

Executive Summary

This security update resolves a publicly disclosed vulnerability in Microsoft 
SharePoint Server. The vulnerability could allow information disclosure if an 
attacker determined the address or location of a specific SharePoint list and 
gained access to the SharePoint site where the list is maintained. The attacker 
would need to be able to satisfy the SharePoint site's authentication requests 
to exploit this vulnerability.

This security update is rated Important for all supported editions of Microsoft 
SharePoint Server 2013. 

Affected Software

Microsoft SharePoint Server 2013 (coreserver)(2760625)
Microsoft SharePoint Server 2013 (sts)

Incorrect Access Rights Information Disclosure Vulnerability - CVE-2013-1290

An information disclosure vulnerability exists in the way that SharePoint 
Server enforces access controls on specific SharePoint Lists.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUWT9C+4yVqjM2NGpAQIzSRAAl9EODmk/lkxtp5FUs43kesOsfohtscaN
qi8HPxz4VAM8T4bYZS/LXa+7JIYYlYo0Zx2od1GfJ1YAUzW0reY+oPtw0dOLooBU
M81Ye8qfERAzqrneJk1Fx/IIl4T7AqmbteFk4gR0tABm7XeRbpvKExdx/QsrDF3R
0tBdgG7ZWmN3r27lmdgJoZOO8votD4sv2JpGVCH+od7677RKdlamTY9vF+oifFC6
WM9EKmLTlxiVCIhJ22Z2TpmoahhkY2tztz3c3vltX0Ax/Ofs4EdFGxvoRfG7knJn
0+YH5wX9lr/nVIqaR9FjJGBXtRFzi37WJAAK854ScfE9w+J+2XO4ILybiYpmqap9
gNIEpHYKDJ9EPpD6jLCY3v3kj77O+ELLL6wiArFLY3/QCNZkRL6saFTRibP+PFTb
Fuv9heOR4kriRSZVGQYGjySdXrdBWdw+te0tGorEEPVDJDKK1slXDSAY8D4EEjHj
aaluBxsJhMRSApKEjvcG1pMXRu031y87zrEZeW680kL615/tbH2blMc0HdfHKKWs
DhTDNK+xF6bmnDcHGmcrz7BCMqJ2d6Qex6TMUnSWev0rM4frvXrhq6JDo+VTyOaH
mC6xXQ5C05+PB1ph5Dw9oV+QDH5s8vcKdSf27y8s9xiHoKgR9+2AaveGnGL4y83J
whlka9tmRkc=
=tq+0
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=1980&it=17337