Showing 101 - 125 of 179

Files

Windows Type-Confusion / Memory Corruption
Posted Sep 14, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to two related kernel-mode type-confusion vulnerabilities inside win32k!xxxRemoteReconnect. In both cases, a user-mode parameter passed to the syscall is incorrectly resolved to its underlying kernel representation via ObReferenceObjectByHandle passing NULL as the "ObType" field (rather than *IoFileTypeObject and *IoDeviceTypeObject respectively). Because the type is not checked, if a handle of a type other than a HANDLE to a file or a device is passed, the kernel incorrectly uses the underlying representation of the object as a PFILE_OBJECT or a PDEVICE_OBJECT, causing memory corruption in the kernel.

tags | advisory, kernel, vulnerability
systems | linux, windows
SHA-256 | 1fc87129199a0c6cd9e6a9fa146cc6e891c7331266896538d14fc884c57013ba
Red Hat Security Advisory 2015-1767-01
Posted Sep 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1767-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2015-5963, CVE-2015-5964
SHA-256 | e130d2314417e6c973f5dd98dac2ab997783e7d9b1e77c77b9891ba15b677a41
Red Hat Security Advisory 2015-1769-01
Posted Sep 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1769-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or DWARF debug info data. Red Hat products do not call the API in this way, and it is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3239
SHA-256 | c6c367c6568b39126a29a462f02e4f16c75449d06b5fd29f26f6356361336849
Red Hat Security Advisory 2015-1766-01
Posted Sep 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1766-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.

tags | advisory, remote, web, python
systems | linux, redhat
advisories | CVE-2015-5963, CVE-2015-5964
SHA-256 | 109a0b1fa8837173f2254bdce28a94cf406f8d3ae8c1a95ffb48c5997d8e0e6f
Red Hat Security Advisory 2015-1768-01
Posted Sep 11, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1768-01 - Libunwind provides a C ABI to determine the call-chain of a program. An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or DWARF debug info data. Red Hat products do not call the API in this way, and it is unlikely that any exploitable attack vector exists in current builds or supported usage. This issue was discovered by Paolo Bonzini of Red Hat. All users of libunwind are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3239
SHA-256 | 000e128affd10dba75aae8c7df5c415bb2ff2016a00f38f95e45765faa244334
Ubuntu Security Notice USN-2739-1
Posted Sep 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2739-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory.

tags | advisory, remote, denial of service
systems | linux, ubuntu
SHA-256 | 90c65759ae6b76f3a2f82d88eef8230c13a06bda0c2cfb39f6d3cdd29179d0d1
Debian Security Advisory 3355-1
Posted Sep 11, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3355-1 - Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.

tags | advisory, local
systems | linux, redhat, debian
advisories | CVE-2015-5198, CVE-2015-5199, CVE-2015-5200
SHA-256 | 9f57e42758cac2e1a84a18a9fbdb2e6dcc8ef9fd75be1ce31be1da1cda7ec0bc
Bugzilla Unauthorized Account Creation
Posted Sep 10, 2015
Authored by Frederic Buclin, Byron Jones, Netanel Rubin | Site bugzilla.org

Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.

tags | advisory
advisories | CVE-2015-4499
SHA-256 | 9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69
HP Security Bulletin HPSBOV03505 1
Posted Sep 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, tcp, vulnerability
advisories | CVE-2013-5211, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
SHA-256 | 6bb3a5080fcc5cd3fa3ca04240ae84814580d927317fa3a57b6645ecaeda982a
HP Security Bulletin HPSBGN03504 1
Posted Sep 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03504 1 - Potential security vulnerabilities have been identified in HP UCMDB which would allow local disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, local, vulnerability
advisories | CVE-2015-5440
SHA-256 | d856fbc92cc35abc7930a4225181001200de1c1addd95bbef8898f5b7dad5f88
RSA Identity Management And Governance Cross Site Scripting
Posted Sep 9, 2015
Site emc.com

RSA Identity Management and Governance contains fixes for cross site scripting vulnerabilities that may potentially be exploited by malicious users to compromise the affected system. All versions of RSA IMG are affected by CVE-2015-4539. Versions prior to 6.9.1 P6 and 6.8.1 P18 are affected by CVE-2015-4540.

tags | advisory, vulnerability, xss
advisories | CVE-2015-4539, CVE-2015-4540
SHA-256 | e959e55976a5e496a92a7eff60c3c1ef4c1ef7300a1ecca9ac7aadbae5851084
Ubuntu Security Notice USN-2738-1
Posted Sep 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2738-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707
SHA-256 | a930e4570ab20c53e70b727a93dd7fc250e1e1c0a5a1d3d6c835b09cbb64ef42
Ubuntu Security Notice USN-2737-1
Posted Sep 9, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2737-1 - It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-5707
SHA-256 | 2c28d01d683933b1074e5a7999689400ed326d3219d1b6100a0ba98626b9669d
HP Security Bulletin HPSBOV03506 1
Posted Sep 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03506 1 - A potential security vulnerability has been identified with TCP/IP Services for OpenVMS running BIND. The vulnerability could be remotely exploited to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, tcp
advisories | CVE-2015-5477
SHA-256 | 697a636a6d3aecc307d2f528b38ae8b2c5eb11f5f8497127186beae05657ab43
Debian Security Advisory 3354-1
Posted Sep 9, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3354-1 - Frediano Ziglio of Red Hat discovered a race condition flaw in spice's worker_update_monitors_config() function, leading to a heap-based memory corruption. A malicious user in a guest can take advantage of this flaw to cause a denial of service (QEMU process crash) or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, denial of service, arbitrary
systems | linux, redhat, debian
advisories | CVE-2015-3247
SHA-256 | caab0b2f4da7f8568fd006270bd9ea0fc01b713fc7834cb9e91257c591db3739
Windows win32k!NtUserSetInformationThread Type Confusion
Posted Sep 9, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a "NULL" type specified (it should instead be using *LpcPortObjectType to protect against this vulnerability). This vulnerability can be triggered from inside CSRSS via the syscall win32k!NtUserSetInformationThread with ThreadInformationClass set to "UserThreadCsrApiPort" and the parameter of the syscall set to a HANDLE that is not an LPC object.

tags | advisory, kernel
systems | linux, windows
SHA-256 | f08ca467d2241babc70e51da65057abb65b9ecf85249b35405cfc513910c45d6
Ubuntu Security Notice USN-2735-1
Posted Sep 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2735-1 - It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. An issue was discovered in NavigatorServiceWorker::serviceWorker in Blink. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294, CVE-2015-1299, CVE-2015-1300, CVE-2015-1301, CVE-2015-1332
SHA-256 | 34404c3aa939d84733b01c04b4b1384782624e95f780584b0fd09a3cb3ecb9a5
Cisco Sourcefire User Agent 2.2 Insecure File Permissions
Posted Sep 8, 2015
Authored by Glafkos Charalambous

Cisco Sourcefire User Agent version 2.2 suffers from an insecure file permissions vulnerability.

tags | advisory
systems | cisco
SHA-256 | f9ec0ff4ed5a3e12400b81d08aa5940551ad31df9356b52220128454c88018a4
Microsoft Security Bulletin Summary For September, 2015
Posted Sep 8, 2015
Site microsoft.com

This bulletin summary lists twelve released Microsoft security bulletins for September, 2015.

tags | advisory
SHA-256 | f5193aef5c390b2597034e6421805cf19e2d548217a560e20bf8efffac0d1631
Microsoft Security Bulletin Revision Increment For September, 2015
Posted Sep 8, 2015
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment for September, 2015.

tags | advisory
SHA-256 | 61842becf18d1cf65ddf6d662560ef4747b9abdc884d9030aa10b51bc719c5c2
Ubuntu Security Notice USN-2736-1
Posted Sep 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2736-1 - Frediano Ziglio discovered that Spice incorrectly handled monitor configs. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3247
SHA-256 | 7198335bfdc3a5479ff70cf093ab5c6e873bf28bd1f3f11a4701e6b9421355d9
Red Hat Security Advisory 2015-1742-01
Posted Sep 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1742-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187
SHA-256 | 5598afe1762e5d2f9730eef6f62ee1c4319359beffb6f3ee693c7c00a2399fd6
Red Hat Security Advisory 2015-1741-01
Posted Sep 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1741-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. An implementation error related to the memory management of requests and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session. All haproxy users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, remote, web, tcp
systems | linux, redhat
advisories | CVE-2015-3281
SHA-256 | a1868fb9dedf29fa4bb599e9106f07d547ff3ee2b7818f9cbe0a86b2f67ecc40
Red Hat Security Advisory 2015-1740-01
Posted Sep 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1740-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under the RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
SHA-256 | 347a92a9e5cac31f79b49c041b01f3ddec0f33984998b9dfec481009f2f1ed1a
Red Hat Security Advisory 2015-1739-01
Posted Sep 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1739-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under the RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-5165
SHA-256 | 591e95b188bc9c54b60210a35666f31d2ff569ad7ca35c252848eb40a2fd9074