exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 3,695 RSS Feed

Protocol Files

GNU Transport Layer Security Library 3.8.5
Posted Apr 4, 2024
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Added option to disable RSAES-PKCS1-v1_5. Added support for RIPEMD160 and PBES1-DES-SHA1 for backward compatibility with GCR. A couple of memory related issues have been fixed in RSA PKCS#1 v1.5 decryption error handling and deterministic ECDSA with earlier versions of GMP. Fixed a bug where building gnutls statically failed due to a duplicate definition of nettle_rsa_compute_root_tr().
tags | protocol, library
SHA-256 | 66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc
Wireshark Analyzer 4.2.4
Posted Mar 28, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: pcap and pcapng have been updated.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0c
Ubuntu Security Notice USN-6718-1
Posted Mar 27, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2024-2004, CVE-2024-2398
SHA-256 | 626a0b8a1438ccde6a1826653d3285d7f2a9a3cd644e2dfcfff06f2bc14e0f9d
Ubuntu Security Notice USN-6700-2
Posted Mar 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-20567, CVE-2023-34256, CVE-2023-39197, CVE-2023-51781, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855
SHA-256 | 4c2466c5a1092f0062ced6462c5b58b113956d4b9c6caa9042e032feef05a6f5
GNU Transport Layer Security Library 3.8.4
Posted Mar 20, 2024
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: RSA-OAEP encryption scheme is now supported in libgnutls. libgnutls had a side-channel in the deterministic ECDSA fixed along with a couple other bug fixes. Three API and ABI modifications as well.
tags | protocol, library
SHA-256 | 2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b
OpenSCAP Libraries 1.3.10
Posted Mar 19, 2024
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Eight new features and nine bug fixes have been added.
tags | protocol, library
systems | unix
SHA-256 | 0d023ff3fbdec617768ea5977fd3bb6702dfef4ae595da9a5bbc6ecc6ac9e575
Ubuntu Security Notice USN-6700-1
Posted Mar 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6700-1 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2022-20567, CVE-2023-34256, CVE-2023-39197, CVE-2023-51781, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855
SHA-256 | 2c7355c5b5d096d3837750dde9769934b471e8730c5ae98b584551bed8fee54c
Kernel Live Patch Security Notice LSN-0101-1
Posted Mar 7, 2024
Authored by Benjamin M. Romer

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux
advisories | CVE-2023-6817, CVE-2023-6932, CVE-2023-7192, CVE-2024-0193, CVE-2024-0646
SHA-256 | bc88723b94872c87e1cb00b2d83a704f36fe21c1a1c29ddd39f56580a64d63b7
Ubuntu Security Notice USN-6647-2
Posted Mar 1, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | f482b4121fdbb18a1aa10eff28af9de753dabde4e2a5df33e96dc30e687a2222
Ubuntu Security Notice USN-6647-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | dc6419bae3374862f7e099238c6f62915d628b60e52c658d5d47d2442058067e
Ubuntu Security Notice USN-6646-1
Posted Feb 21, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-51780, CVE-2023-51782, CVE-2023-7192
SHA-256 | 263643db87a6432edb065900eea41c3a1d8ae0e9c08508a673c02ef018cf394a
NFC Relay Attack On Tesla Model Y
Posted Feb 21, 2024
Authored by Josep Pi Rodriguez | Site ioactive.com

This paper will walk you through the proof-of-concept and technical details of exploitation for IOActive's recent NFC relay attack on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and they then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module.

tags | paper, protocol, wireless
SHA-256 | 1b2f050c027e1bfe9702c6a2a927a78ccba6ef0043e76bbe3a63de1a54eaecc8
Wireshark Analyzer 4.2.3
Posted Feb 15, 2024
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: 20 bug fixes along with updated protocol support for ASAM CMP, CAN, CFLOW, CMIP, CMP, DAP, DICOM, DISP, E2AP, GLOW, GOOSE, GTP, GTPv2, H.225, H.245, H.248, HTTP2, IEEE 1609.2, IEEE 1722, IPv4, IPv6, ISO 15765, ISUP, ITS, Kerberos, LDAP, MMS, NBT, NRUP, openSAFETY, P22, P7, PARLAY, RTMPT, RTP, SCSI, SOME/IP, T.38, TCP, TECMP, TFTP, WOW, X.509if, X.509sat, X.75, X11, Z39.50, and ZigBee Green Power.
tags | tool, sniffer, protocol
systems | windows, unix
SHA-256 | 958bd5996f543d91779b1a4e7e952dcd7b0245fe82194202c3333a8f78795811
Kernel Live Patch Security Notice LSN-0100-1
Posted Feb 8, 2024
Authored by Benjamin M. Romer

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. Various other issues were discovered and addressed.

tags | advisory, kernel, protocol
systems | linux
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6176, CVE-2023-6817, CVE-2023-6932
SHA-256 | 55bac94f220995e2504245406daa6739d0a8e896be555aa348a44bc0e7cc793a
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Posted Feb 2, 2024
Authored by ItsSixtyN3in

WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery.

tags | exploit, web, arbitrary, shell, protocol
advisories | CVE-2023-42222
SHA-256 | 697050685574d8cbeaf2f42aaa7b87535a8f6cf1ec1ce436dac7c65634057623
OpenSSL Toolkit 3.2.1
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The latest stable version is the 3.2 series supported until 23rd November 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39
OpenSSL Toolkit 3.1.5
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1 series is supported until 14th March 2025.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 6ae015467dabf0469b139ada93319327be24b98251ffaeceda0221848dc09262
OpenSSL Toolkit 3.0.13
Posted Jan 31, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.0 series is a Long Term Support (LTS) version and is supported until 7th September 2026.

Changes: 5 security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
SHA-256 | 88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
Ubuntu Security Notice USN-6607-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6607-1 - It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-5345, CVE-2023-6040, CVE-2023-6606, CVE-2023-6817, CVE-2023-6931, CVE-2023-6932, CVE-2024-0193
SHA-256 | 129bf8e03fcff7ad53aea0dbb1617e402b728e93911e0d73e3c75fb0e9b25fd1
Ubuntu Security Notice USN-6601-1
Posted Jan 26, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6601-1 - It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, protocol
systems | linux, ubuntu
advisories | CVE-2023-6932
SHA-256 | cca79625b03d2bb1e94883b9d350917c326da4fe2ad588949119d92376aebd76
Ubuntu Security Notice USN-6598-1
Posted Jan 25, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6598-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | dd8a1a95b3a16c6fe45623db4f26f252a81bb8e5b368cdbaffd76de031b0e0fd
Ubuntu Security Notice USN-6589-1
Posted Jan 19, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6589-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | 8518668a4badaa795ff43751102221732a1799bf651302c95ea7ee967ec088d0
GNU Transport Layer Security Library 3.8.3
Posted Jan 16, 2024
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: libgnutls had multiple security fixes. They fixed more timing side-channel issues inside RSA-PSK key exchange. They fixed an assertion failure when verifying a certificate chain with a cycle of cross signatures. Fixed a regression in handling Ed25519 keys stored in PKCS#11 token certtool that was unable to handle Ed25519 keys generated on PKCS#11 with pkcs11-tool (OpenSC). This is a regression introduced in 3.8.2.
tags | protocol, library
advisories | CVE-2024-0553, CVE-2024-0567
SHA-256 | f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e
Ubuntu Security Notice USN-6585-1
Posted Jan 16, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6585-1 - Fabian Bäumer, Marcus Brinkmann, Joerg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue.

tags | advisory, remote, protocol
systems | linux, ubuntu
advisories | CVE-2023-48795
SHA-256 | d368df4c0d357987893502f341336db0f44b79a83468cb12d62846d219bc5e7b
Debian Security Advisory 5601-1
Posted Jan 12, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5601-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2023-48795
SHA-256 | 74939800a29d48ded37e9813459aa6b29068a867d2c407034d466d7a7bb36ee5
Page 1 of 148
Back12345Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close