what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 54 RSS Feed

Files from Open Source CERT

Email addressincidents at ocert.org
First Active2008-04-14
Last Active2016-05-30
Jetty 9.3.8 Path Sanitization
Posted May 30, 2016
Authored by Open Source CERT, Daniele Bianco, Simon Zuckerbraun

The Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. Leveraging on this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.

tags | advisory, web
advisories | CVE-2016-4800
SHA-256 | 26929157b560ea70de00b08c35d3faa27d7dde2502ff66c5a5de0ac9128cc9bc
Ganeti Leaked Secret / Denial Of Service
Posted Dec 31, 2015
Authored by Open Source CERT, Daniele Bianco

Ganeti, an open source virtualization manager, suffers from multiple issues in its RESTful control interface (RAPI). The distributed replicated storage (DRBD) secret is leaked by the RAPI interface when job results are requested. Leveraging on the knowledge of this secret, a malicious user who had already gained access to the storage network of the cluster can retrieve instance data more easily and reliably. The RAPI interface is also vulnerable to a denial of service condition, triggered via SSL parameter renegotiation issued by a malicious client. The condition leads to resource exhaustion on the master node. Many versions are affected.

tags | advisory, denial of service
advisories | CVE-2015-7944, CVE-2015-7945
SHA-256 | 4908b0ea745ca775be075350bb329e3afa85d1d65858822a85447b0558240754
PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service, xxe
advisories | CVE-2015-8549
SHA-256 | 939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
VLC 2.2.1 Arbitrary Pointer Dereference
Posted Aug 23, 2015
Authored by Andrea Barisani, Open Source CERT, Loren Maggiore

VLC versions 2.2.1 and below suffer from an arbitrary pointer dereference vulnerability.

tags | advisory, arbitrary
advisories | CVE-2015-5949
SHA-256 | 5729beee45859fa6c90c4ec59513f7ad8f788728b656de7ca5a61d5fed77f09c
FreeRADIUS Insufficient CRL Application
Posted Jun 23, 2015
Authored by Andrea Barisani, Open Source CERT

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpired client certificate, issued by an intermediate CA with a revoked certificate, is therefore accepted by FreeRADIUS. Versions equal to and below 2.2.7 and 3.0.8 are affected.

tags | advisory
advisories | CVE-2015-4680
SHA-256 | f44ceb4ece64f245dca32d4e44eaa21e29c75abd2daf06b1fa52ef60f318b7bc
MySQL SSL / TLS Downgrade
Posted Apr 29, 2015
Authored by Andrea Barisani, Open Source CERT, Adam Goodman

A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade. Versions 5.7.2 and below are affected.

tags | advisory
advisories | CVE-2015-3152
SHA-256 | d063ca963fad7e412addd0e90a45f79969718f60a862dfd9f8babda513cc3918
e2fsprogs Input Sanitization
Posted Feb 6, 2015
Authored by Andrea Barisani, Open Source CERT

The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. Versions prior to 1.42.12 are affected.

tags | advisory, overflow
advisories | CVE-2015-0247
SHA-256 | f36fd29dba36b61b27140d5e0db103cf8b564838924976443f54919358a022f8
JasPer 1.900.1 Off-By-One / Heap Overflow
Posted Jan 22, 2015
Authored by Andrea Barisani, Open Source CERT, pyddeh

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.

tags | advisory, overflow
advisories | CVE-2014-8157, CVE-2014-8158
SHA-256 | 3c1005efe0f84a5d1c16b4cda12795276863a2d60100bb8a67371fa3e2b20f21
UnZip 6.0 Heap Buffer Overflow
Posted Dec 22, 2014
Authored by Andrea Barisani, Open Source CERT

UnZip versions 6.0 and below suffer from multiple heap-based buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-8139, CVE-2014-8140, CVE-2014-8141
SHA-256 | 3be56fd57959f7da1359a14b848ad60e6021fb8ff555ec02f94fcdda37fffeaf
SoX 14.4.1 Heap Buffer Overflow
Posted Dec 22, 2014
Authored by Andrea Barisani, Open Source CERT

SoX versions 14.4.1 and below suffer from multiple heap-based buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
advisories | CVE-2014-8145
SHA-256 | aeff85e5727326a30715ccc28a8c670697acdefdd8f05484570ea038725641a8
JasPer 1.900.1 Double-Free / Heap Overflow
Posted Dec 19, 2014
Authored by Andrea Barisani, Open Source CERT

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file, can be used to trigger the vulnerabilities. Versions 1.900.1 and below are affected.

tags | advisory, overflow, vulnerability
SHA-256 | 798d515d2ffb136a29cd7ca51ecc0132ba783edfb641c23ed98f666d2bd80e5e
JasPer 1.900.1 Buffer Overflow
Posted Dec 4, 2014
Authored by Andrea Barisani, Open Source CERT

The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn(). A specially crafted jp2 file, can be used to trigger the overflows. Versions 1.900.1 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-9029
SHA-256 | c95a0cf72de69ab82914ed27fc67d2c1c1a072016b41156b8ec7ce998588fc8d
libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution
Posted Nov 25, 2014
Authored by Open Source CERT, Daniele Biano

The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Versions 1.3.0 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | a4032dd6d4a27f7aae901e56831009abf356688af57f4e2a9b1222732ec7ca10
LibVNCServer 0.9.9 Remote Code Execution / Denial Of Service
Posted Sep 25, 2014
Authored by Open Source CERT, Nicolas Ruff

LibVNCServer versions 0.9.9 and below suffer from memory management handling, buffer overflow, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
SHA-256 | 7119467df020792576889e8a01b9e775d65a326b0070c018b47a7524af569c5b
Ganeti Insecure Archive Permission
Posted Aug 13, 2014
Authored by Open Source CERT, Guido Trotter, Helga Velroyen

Ganeti versions 2.10.0 through 2.10.6 and 2.11.0 through 2.11.4 suffer from an insecure file permission vulnerability that leads to sensitive information disclosure.

tags | advisory, info disclosure
SHA-256 | 960a55567a500fcc535191d7724093c1ce0c92016cee319f1e41c90f38166437
LPAR2RRD 3.5 / 4.53 Command Injection
Posted Jul 23, 2014
Authored by Open Source CERT, Juergen Bilberger

Insufficient input sanitization on the parameters passed to the application web gui leads to arbitrary command injection on the LPAR2RRD application server. Versions 4.53 and below and 3.5 and below are affected.

tags | advisory, web, arbitrary
advisories | CVE-2014-4981, CVE-2014-4982
SHA-256 | 1a1002b04f4d303d72eb47b9c4e32b31388ec73b29abfea315a4fb3c871f89ea
Ansible 1.6.6 Arbitrary Code Execution
Posted Jul 22, 2014
Authored by Open Source CERT

The Ansible platform suffers from input sanitization errors that allow arbitrary code execution as well as information leak, in case an attacker is able to control certain playbook variables. Versions 1.6.6 and below are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2014-4966, CVE-2014-4967
SHA-256 | b465397fc2a757360069751e13b345820b4f62ef4a925ba616292d6bb0511da6
LibYAML 0.1.5 Buffer Overflow
Posted Mar 28, 2014
Authored by Andrea Barisani, Open Source CERT

LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-2525
SHA-256 | 801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8
Xalan-Java 2.7.0 Insufficient Secure Processing
Posted Mar 25, 2014
Authored by Andrea Barisani, Nicolas Gregoire, Open Source CERT

The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.

tags | advisory, java
advisories | CVE-2014-0107
SHA-256 | 2661a94be4bbc4822c2a0c9ff839ec7aafe7ef60fc89113bfb792b62e32262d9
MantisBT 1.1.0a4 / 1.2.15 SQL Injection
Posted Feb 9, 2014
Authored by Andrea Barisani, Open Source CERT

MantisBT versions greater than and equal to 1.1.0a4 and versions equal to and below 1.2.5 suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-1609, CVE-2014-1608
SHA-256 | fd0d34a47dad6a11159e7c09179b8f9eed808970bfe477a1e8a3cee8b3f5c973
File Roller Path Traversal
Posted Jul 8, 2013
Authored by Open Source CERT, Yorick Koster

The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.

tags | advisory, arbitrary
advisories | CVE-2013-4668
SHA-256 | f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947
MurmurHash Algorithm Collision Denial Of Service
Posted Nov 24, 2012
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue is similar to the one reported in oCERT-2011-003 and concerns the MurmurHash algorithm family. The condition for predictable collisions in the hashing functions has been reported for the following language implementations: JRuby (MurmurHash2), Ruby (MurmurHash2), Rubinius (MurmurHash3), Oracle JDK (MurmurHash), OpenJDK (MurmurHash). In the case of Java OpenJDK the hash function affected by the reported issue is not enabled by default, the default function is however reported vulnerable to oCERT-2011-003.

tags | advisory, java, ruby
advisories | CVE-2012-5370, CVE-2011-5371, CVE-2011-5372, CVE-2011-5373
SHA-256 | 6158aaf285af06ef9ef0b5c3fb1ac4513de61a3ac22d037a2d66fa0654d3a613
Open Source CERT Security Advisory 2011.003
Posted Dec 29, 2011
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

A variety of programming languages suffer from a denial-of-service (DoS) condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms.

tags | advisory
advisories | CVE-2011-4461, CVE-2011-4838, CVE-2011-4885, CVE-2011-4462, CVE-2011-4815
SHA-256 | 0b2b66a010f07afd3a21848f6c4de292e1d20c5873c836998313c0f5f90e9999
Open Source CERT Security Advisory 2011.002
Posted Aug 11, 2011
Authored by Open Source CERT | Site ocert.org

The libavcodec library, an open source video encoding/decoding library part of the FFmpeg and Libav projects, performs insufficient boundary check against a buffer index. The missing check can result in arbitrary read/write of data outside a destination buffer boundaries. The vulnerability affects the Chinese AVS video (CAVS) file format decoder, specially crafted CAVS files may lead to arbitrary code execution during decoding.

tags | advisory, arbitrary, code execution
SHA-256 | 2fa88819712d2684e260c17f8e2578209ceca2f13e8054b71311db41b94f041d
Open Source CERT Security Advisory 2011.001
Posted Jul 16, 2011
Authored by Andrea Barisani, Open Source CERT, Wireghoul | Site justanotherhacker.com

Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.

tags | exploit, shell, local, vulnerability, xss, file inclusion
SHA-256 | 18cdf52059b49b643716260b829dda6fe150876cbf21decc4085e78858e6de67
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close