The node secret in various RSA products was stored using an encryption key and encryption algorithm that is no longer considered effective by RSA standards. An attacker could potentially exploit this to eavesdrop on or modify network communications.
ec2e53ead8f95b16862d03dec8d43560ce99aebd13724101d98dc9ab2a022ebaA vulnerability exists in EMC VNX and EMC Celerra Control Station that could result in elevation of privileges by a lower level administrator with access to the system.
61f490788c1fe52f910e20b8939b8105eaae8a31ecc8dcc9109db760deb50fbcUbuntu Security Notice 1831-1 - Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk.
10835c54fdf5939edf3ccaed8afc4356c8a46db6c60df83bf554c2037f70199cRed Hat Security Advisory 2013-0831-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a particular pool. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to cause libvirtd to consume all available file descriptors, preventing other users from using libvirtd services until libvirtd is restarted.
58872bfdc65710ce6f27abe5f80750a55ab6c0365a5514c43bce5a86364a1f81Ubuntu Security Notice 1830-1 - Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired.
38838c5ed78fd69e0eaf7bf0a4e219d724788214094082f438bf80465530746aRed Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.
e1ba7d97c796e3728e54bbe5dc6f6585c52bd5bbc310c337a723147e6569a753Call For Papers for the No cON Name 2013 conference. It will be held in Barcelona, Spain, from November 1st through the 2nd, 2013.
f2ed55ac7f40b715e2b64d348fd0e038de9ac3ad20e4a1d2268cbb3bb8b5c757This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
2fb5854499fe79eb23aa158b159d2436c11cb67f5adf2372588353dbbffed11dUbuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
30065b53ddbc5e3d5f60eb0248680ae22ae7dea007129944316fa5c56d25a3b9Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
7a1e617d18c6f22fa5f90a3098add6003baa0af42b8affb67d6bd5048a7dc3caSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
84aa8f94c67d69fe136235bcfb4c4057feb9a3ffaed64cd80ce46e1e19c964ebDebian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
bcfe3afbb4182656ff4cebf2d30b08f1bd994ad473bc4830c1ed33aa786d930eThis document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.
e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.
01d6456aa6f66c843f950a3e95e6b90c8d0c5ec0cde800f6939a9ede83195de8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed