Ubuntu Security Notice 1324-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
d420c99ad9073f66940dc2a85179ec22b6dba31a4fecd425a05aece2638c6108Ubuntu Security Notice 1325-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. Various other issues were also addressed.
b1e4fd303c32ef48c4707df2951a82c4d83d018bba184fef1cde1f4a96af3ce5Ubuntu Security Notice 1323-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in the b43 driver in the Linux kernel. An attacker could use this flaw to cause a denial of service if the system has an active wireless interface using the b43 driver. Various other issues were also addressed.
57d1e72bcd7f0d58ab6553abd5907550d017fe5eb7fd3c40984523dffc29c119Ubuntu Security Notice 1326-1 - Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.
a768674e4752957572324743e01989fa9359ffbb82d310887b7656cbadb1d11aRhoneWeb suffers from a cross site scripting vulnerability.
2dcdf34ab2a59dfddb2ef83b4778520c366df4870660f45f375f04f05d21fea1Secunia Security Advisory - Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system.
42e05317fb966108e81266f0add820e8eaf3737c8ab61585334ce36f77ab11f2Debian Linux Security Advisory 2385-1 - Ray Morris discovered that the PowerDNS authoritative sever responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
1af26261bd274f8a9c3d3be7ef287921f0c64debe3c1e32e36a9b3ed81c1b88bTechnical Cyber Security Alert 2012-10A - There are multiple vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software. Microsoft has released updates to address these vulnerabilities.
c9404ef20e1ea85a0199a296f3fc29a86450d8d3d82704ffccd9b3af577075acZero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
d0adfe915bdb4b5bd2f689ec61bba1dc633e2e638512cfdc80cb4f56d5f54ac1Red Hat Security Advisory 2012-0011-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two security flaws in Adobe Reader. All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
0e0748d35296ccc43f5ab63bf2c3fd23ea3d8079e013538c983a3adfd992bdcdRed Hat Security Advisory 2012-0010-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload functionality on were handled could allow a remote attacker to cause a denial of service.
557893d6076de010f89965257f12c763df4474c60b2d096db7dea8c57ede5c1eZero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
6639c55c3938be7dce15b82072912ddf54486e00c1edb624e9e193ff0395441bThis bulletin summary lists 7 Microsoft security bulletins released for January, 2012.
a2f94a7a869562539d7be56f4ef081c382a5176690963900a45d6f76b4942eedRed Hat Security Advisory 2012-0007-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.
14cc28a3df69b8e6b2fc6473a6b5dacebe7c4ddbba6984ec740c93d61e9322dbZero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
0255a4f2ef8b6316653251eeaf16b8b505a0a21c681598db533064319b5b09bdThis proof of concept reverse engineering code demonstrates SEHOP chain validation.
e333c142682d7f51d57c80a04d7397a465c342670021b893a2ad3c2f1ef6da5bWhitepaper called SafeSEH+SEHOP all-at-once bypass exploitation method principles.
209ec6ec9584ba32640f53ad2c68e710468e453169d11ebbd3a1605912e0684aGiveaway Manager version 3 suffers from a cross site scripting vulnerability.
83699a03d09f9c6ee6b5598503afb39e85c05b8bd5a78c8a06abd67361cc3addWhitepaper called Buffer Overflows: Anatomy of an Exploit. A look at how systems are exploited and why these exploits exist.
d5a0653a937271a349afae80c0cfe39ae9f07b8b49348b5380f6d83a8f5fe510Secunia Security Advisory - Two vulnerabilities have been discovered in SimpleSAMLphp, which can be exploited by malicious people to conduct cross-site scripting attacks.
47678fad5d00de27a5aec416e06011b6a9cb05b6cfca70c7977c8bdfff7ab8a1Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system.
5a0bf7c4dc4475cb359176df4b7139e7e02f704e20a1c2650c326eadf6978001Secunia Security Advisory - Debian has issued an update for pdns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
abe7a5bdb947e497f069ffe8c46bbaa575b4d477fdaf39d392e79ca2b80ac3c5Secunia Security Advisory - A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
7e1295660f1400ca82d4a62fce8deb0265c8fd4a7488bd8d3a2c5a0a4e062f2aSecunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and to cause a DoS (Denial of Service).
89f23d1bec88a2653f9e3012de30ea1f33e119e22a6e72ccfc7987c90f2900b5Secunia Security Advisory - Blue Coat has acknowledged multiple weaknesses, security issues and vulnerabilities in Blue Coat IntelligenceCenter, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions, by malicious users to disclose sensitive information, bypass certain security restrictions, manipulate certain data, gain escalated privileges, cause a DoS (Denial of Service), and compromise a vulnerable system, and by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service).
977c4a5176ac01e92709c0c97ba7825d520925c0810462dfdb2d7219891e0262
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed