In order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on-the-fly. This is why if you examine a certificate when using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root". Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but quick review finds many simple problems still exist. For example, the way leaf certificates are cached uses an extremely naive fingerprinting technique. Kaspersky cache recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it's already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses it for the new connection. The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent. You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial.
62a363de88e0143fb1b6e4fbc89e03980ce4d3bb71f50510388690356f2ef1c2As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.
d251f615016ad2f13d1ac6b46b510c797add40d6d16be9da1091512713543876This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability.
d3e8df02ad2ff3dcdcf65ecac7602a7b7a92dabfacf78b38ce1d773ee6732c0dGentoo Linux Security Advisory 201701-15 - Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird the worst of which could lead to the execution of arbitrary code. Versions less than 45.6.0 are affected.
0bedd3566eb12b4450576ccf6cab5a26e4212a62071909223fd527560cddaa66Red Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.
487f8935425fab345c81e3d7c667d1f0fbea527ff25fc99538a766b46a2d968bAs a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.
5c188675a5f0bb9b4a4a2e92aeb5426c41a9d970faee7de29a34102d938f6483Kaspersky fails to adequately protect its local CA root.
e616d063bcea88d45ea4488a02eadbbf74b14cc52e5b5963dad38248c18bd1aaStack buffer overflow and information disclosure vulnerabilities exist in the Samsung OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY.
4be8f76a129448aa3f0cabbae41989cd16d89dc95b8f9b129a48d198c0e109beRed Hat Security Advisory 2017-0004-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.
5e98612a0e8b9d97f38f548ca41a8e910a16e3612a05dcf2327d39714b89f095Red Hat Security Advisory 2017-0003-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
c576a0024788624cca93300c576a93eea04781c886dabb1e23cefd52950286e2Debian Linux Security Advisory 3750-2 - A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.
89d8975f83a99d2bdaab1219b4564fd46284c201591c36d28866cee151b2244cInternet Download Accelerator version 6.10.1.1527 SEH FTP buffer overflow exploit.
7874cb1d2810b2da3d57766262574c5caf3e798d8c840e2c0f7736799222c852Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.
7699e7293cf0532854ab48aef49ffce47460743150b4bd1783417f036424a521My Click Counter version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c9fbd3f73b992b9916c183ac0fa0f68c3da72fc5dca9625197f5646d39558f7dPDFAdd version 1.2 suffers from a dll hijacking vulnerability.
3e623315804f0a9f0fbc3a81913b342a2fd3e1375605f8f9bbe47a7886d270aa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed