Red Hat Security Advisory 2014-2025-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
d893c268c3f5fe578780698715118fb8eec3d8f487f827ecfb8dfd311d18e52dDebian Linux Security Advisory 3109-1 - Dmitry Kovalenko discovered that the Firebird database server is prone to a denial of service vulnerability. An unauthenticated remote attacker could send a malformed network packet to a firebird server, which would cause the server to crash.
4b7c03387458e84b20b6f383808452ba68491d9f66d6582ce4a1664a44d83a5bDebian Linux Security Advisory 3107-2 - The previous subversion security update, DSA-3107-1, introduced a regression which causes Apache httpd to fail to start due to an undefined symbol dav_svn__new_error in configurations which used mod_dav_svn.
527ba83c540b711646711a89a6bfb93c01a2c3a5583c822b7142e39f63806718Debian Linux Security Advisory 3108-1 - Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.
5b4a277b0cef718c24dc6753a54c1bc9d8bcce8e71d504884e286af1764624abDebian Linux Security Advisory 3107-1 - Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
d2824c2abaefae069b581b17d0401759edf20af3fefbd0ba5df00a1d21fa788fDebian Linux Security Advisory 3106-1 - Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
7d6d5cdfc306ba24da2224abb9b09a1bedf8f1aba115f137fe3edbcb6239afcfApple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.
f61fd9d0d48bd3edc62fd01719a27d1689aae89d9c6537e9356ca5a7b525aa5cUbuntu Security Notice 2448-2 - USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
c47545b18e641e882b45a3c426edabfd912ad269d8872340a45d7660ebe5e154Ubuntu Security Notice 2447-2 - USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
48836bea6415674b21cc9d2e67d419022278c5cdd948c6b798dbc7a87a1e15beThe JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file, can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.
798d515d2ffb136a29cd7ca51ecc0132ba783edfb641c23ed98f666d2bd80e5eGentoo Linux Security Advisory 201412-31 - Multiple vulnerabilities in ZNC could lead to Denial of Service. Versions less than 1.2-r1 are affected.
8971bd93580bc9ceb67c0477013cd3878b15f6737d04b74064d4095aa93e40f1Red Hat Security Advisory 2014-2019-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4j that rely on SAML for authentication.
d1f902a13bdbffd75588118d8e7160b3d1dc012f90bc2a1f9ff99b3f85bb0030Red Hat Security Advisory 2014-2020-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the Apache CXF incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4j that rely on SAML for authentication.
218d58c7a0731c77c1a1782f4579ac364cf591192d81eef95803e5404f5120c4Red Hat Security Advisory 2014-2023-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
1a729c8365de7fcb60f232832a81c20bc4f9497690301c4c5976e0a515d81582Red Hat Security Advisory 2014-2021-01 - JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
1767faf218d3e38faf737754605d6b4836322c1d854a8e54c691d8615c5a31afRed Hat Security Advisory 2014-2010-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
4e4186b1cdf9f66b1e8aa88214c3a03dd064ef6d4eedf6823a6ccf5328190dd1Red Hat Security Advisory 2014-2009-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
ffabb5127213b9d5e767b7989c9d1fc88083afdaabf91be68ad03ea1375016b9Red Hat Security Advisory 2014-2008-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
4969a06224595485fcb2f9e81196c0079600768eda0c43885c3f0f3f8b1bb9bfFreeBSD Security Advisory - By causing queries to be made against a maliciously-constructed zone or against a malicious DNS server, an attacker who is able to cause specific queries to be sent to a nameserver can trick unbound(8) resolver into following an endless series of delegations, which consumes a lot of resources.
7325ed64b2652e63c948472623f25b89e0c8ea7a43bf475eb776a142e8481671HP Security Bulletin HPSBMU03217 1 - A potential security vulnerability has been identified with HP Vertica. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
bba781db0ea6237d24c41632509ea14fbeb0e32ee6e7ac09ab25b8319078c862HP Security Bulletin HPSBOV03226 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
1857a5c488eb234718c79babaf33fe34e2dcf8b047d172d2c3860ec769591b8eHP Security Bulletin HPSBOV03225 1 - Potential security vulnerabilities have been identified with HP OpenVMS POP. The vulnerabilities could be exploited remotely to create a server Denial of Service (DoS). Revision 1 of this advisory.
b755ef57fa9808d034b66f40b673df1ea76e3bbb6a2de718163e2fb673e795a8HP Security Bulletin HPSBMU03221 1 - A potential security vulnerability has been identified with HP Connect-IT running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
a5a316af30fef5696f01590dd214abf39ac31a70bef1f5857658e50c91583c8eOnapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusineesObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6bRed Hat Security Advisory 2014-2000-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. This issue was discovered by Elliott Baron of Red Hat.
aeca17094bb56abecbd3f12a0b0b346a3d837163e0c5bf0e8cd9cb1cd587566e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed