Gentoo Linux Security Advisory 201412-35 - Multiple vulnerabilities have been found in RSYSLOG, allowing attackers to cause Denial of Service. Versions less than 8.4.2 are affected.
7db176d00ab76358788ddc53d62e7c9adc9a9502b21744efc78dd4089352ed30Wickr Desktop version 2.2.1 for Windows suffers from a local denial of service vulnerability.
a23d2291a765ee8694a5afa59ff94d07633e8e257cd48783b0993e20a4e33eeaFacebook suffered from an insecure direct object reference vulnerability.
331056674239d4a2b8597c783a977751033ec9efe723bf4173cf02c9fb7e6878ZTE Ucell 3G Modem App suffers from a local privilege escalation vulnerability.
ba5654640d91120aa2b97a5b75fff6ae5bfa1155a2b90bb2f51fb3dcd88534e0FreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. When no authentication key is set in the configuration file, ntpd(8) would generate a random key that uses a non-linear additive feedback random number generator seeded with very few bits of entropy. The ntp-keygen(8) utility is also affected by a similar issue. When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. In ntp_proto.c, the receive() function is missing a return statement in the case when an error is detected.
7d0a12f077a570a47b07177a5a88f387e10ed75041b9b627e36f0897b24db3e6Debian Linux Security Advisory 3112-1 - Michele Spagnuolo of the Google Security Team discovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs. A specially crafted wav file could cause an application using SoX to crash or, possibly, execute arbitrary code.
e522b182877461036a97d01f0b34ab4677e45c89f632e7073c9d575ceb4d440aCisco Security Advisory - Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
5dbade7a53bf1ca9ac25f9e8c3be3931a5da81f0c75dd71cb6377e3ee36e48baDebian Linux Security Advisory 3110-1 - A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs wikitext messages as raw HTML, potentially leading to cross-site scripting (XSS).
4a74d04ee20e7ea3b6e4c01a0dfaa2401913310db6eea5435a6542e7f095ea52BitRaider Streaming Client version 1.3.3.4098 suffers from a local privilege escalation vulnerability.
5ca434384e236fd488d813284f4b706e9da5d216379d4490e3c07e2b5a5650bfApple Security Advisory 2014-12-22-1 - A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.
b9deebdbb01ab3aed98d8edb7acb54229fac071c690df000c568aceba5071babSlackware Security Advisory - New xorg-server packages are available for Slackware 14.1 and -current to fix security issues.
a39862a25a5d7d308f9940d7a38d9a97d8b894971774c2778f7d822ac39ec1f9Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
8141ed8c330d69aebd2daa31024bd6d064827a7233ef1c642925789f1820044bSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
d0c96540c2c6dfe9fed363b2449da9517db44123be1a205a479a83c90011f153Debian Linux Security Advisory 3111-1 - Michal Zalewski discovered an out of bounds write issue in cpio, a tool for creating and extracting cpio archive files. In the process of fixing that issue, the cpio developers found and fixed additional range checking and null pointer dereference issues.
a9ea7c0beb40aff80ad7ce20667057680f50c15abe536f79050be8d73989b78dGentoo Linux Security Advisory 201412-33 - Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of arbitrary code. Versions less than 3.6.1-r1 are affected.
cfd737928ee766b24091c62224921a9db120732040ced83d3e8bd8158d159dfeRed Hat Security Advisory 2014-2031-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
807921b6b285a42f6aeea04f7e22861d6bdb76057927ac3e3280fd82814fcfaeRed Hat Security Advisory 2014-2030-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
41d6fc46d60239c957e9dfd372456bf51bc12eb8d344430ad8515a81ee622121Red Hat Security Advisory 2014-2029-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
b827fb50fc49c1dec1ebd62661be33a036c77dbc34b10a9e8e43425e73889637Red Hat Security Advisory 2014-2028-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
a064ea3cf3f8d95c6081aee62a68ba7dee82642c95280d63f80cd3c68a4a0cf9Libtiff version 4.0.3 suffers from an integer overflow vulnerability that results in an out-of-bounds memory read.
9fe0f92666d1dda0f8fc69edc3f1572b6a7eddcaf75f93240712c87c6704def8UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.
3be56fd57959f7da1359a14b848ad60e6021fb8ff555ec02f94fcdda37fffeafSoX versions 14.4.1 and below suffer from multiple heap-based buffer overflow vulnerabilities.
aeff85e5727326a30715ccc28a8c670697acdefdd8f05484570ea038725641a8Red Hat Security Advisory 2014-2024-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
eedac20f7337d69596f4269af11098d273603b8566ea0c385bf4f50c902ac8d2Gentoo Linux Security Advisory 201412-32 - A vulnerability in sendmail could allow a local attacker to obtain sensitive information. Versions less than 8.14.9 are affected.
595ba0710161dd5e147f8afe499183363ff19b779b8615d24cdf0b44532e918dUbuntu Security Notice 2449-1 - Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. Various other issues were also addressed.
286111117445620d8391d69edda43445e28d24c84f9ba29db3f2c41c02f7041c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed