Exploit the possiblities
Showing 1 - 25 of 47 RSS Feed

Files Date: 2012-02-21

Red Hat Security Advisory 2012-0309-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-0010
MD5 | 9991e164e8b58d770c673903fdb08c50
Red Hat Security Advisory 2012-0310-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0310-03 - The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this flaw to corrupt the mtab file.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-1749
MD5 | 1e031b2fb215c2a39833b9e17efcb9db
Red Hat Security Advisory 2012-0153-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0153-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4083
MD5 | e1309ecf34db46ea63f2fb1d344b9c12
Red Hat Security Advisory 2012-0311-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2008-3277
MD5 | fc45e84686b849b51a5525e1c1bf879b
Red Hat Security Advisory 2012-0313-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.

tags | advisory, protocol
systems | linux, redhat, unix
advisories | CVE-2010-0926
MD5 | 28a5a72a069618bc1c1e6c7caf3e5fcb
Red Hat Security Advisory 2012-0312-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0312-03 - The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.

tags | advisory
systems | linux, redhat
advisories | CVE-2008-1198
MD5 | b9ae99e275f605e1595c20d5587359d8
Debian Security Advisory 2413-1
Posted Feb 21, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-1777, CVE-2011-1778
MD5 | 4e53fdefa0c2bafde7b3cae7a95f6f18
Red Hat Security Advisory 2012-0168-01
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0029, CVE-2012-0207
MD5 | 74fef7fccdc4b73b3a72b2d4867c68aa
Red Hat Security Advisory 2012-0301-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0301-03 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2010-4167
MD5 | 4034c2c6593655640bb0365691de56f7
Red Hat Security Advisory 2012-0304-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0304-03 - The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack.

tags | advisory, arbitrary, local
systems | linux, redhat, unix
advisories | CVE-2010-0424
MD5 | 6c7fc617e7031b245f6dcce467a27b63
Red Hat Security Advisory 2012-0305-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2008-0171, CVE-2008-0172
MD5 | ec0e19d4cdeae4c5cdfdefd3b5a31ee6
Red Hat Security Advisory 2012-0151-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0151-03 - The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. These updated conga packages include several bug fixes and an enhancement.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2010-1104, CVE-2011-1948
MD5 | 7099f93a13d041d2c27454fac8e89f7c
Red Hat Security Advisory 2012-0302-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0302-03 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.

tags | advisory, overflow, arbitrary
systems | linux, redhat, unix
advisories | CVE-2011-2896
MD5 | b5b2f4b064a3620f920fba70d761e3a3
Red Hat Security Advisory 2012-0303-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0303-03 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2011-4028
MD5 | c124d530d69867bb43147f3f4fe667ed
Red Hat Security Advisory 2012-0149-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4347
MD5 | 566180a1c8bcc360d09d2f78bfa91c1e
Red Hat Security Advisory 2012-0306-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2011-1526
MD5 | dbe10c2c11f00b14034a1aaaea2bde67
Red Hat Security Advisory 2012-0150-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0150-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1083
MD5 | 7365f71e963be05cb55c08862b06370b
Red Hat Security Advisory 2012-0307-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0307-03 - The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2011-1675, CVE-2011-1677
MD5 | 25711cb8f1809c306bb93236519769c3
Red Hat Security Advisory 2012-0308-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0308-03 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.

tags | advisory, arbitrary, shell
systems | linux, redhat
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | 618fb76beff298e2ce8e01347cc3f66e
Red Hat Security Advisory 2012-0152-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0152-03 - The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.

tags | advisory, kernel, local
systems | linux, redhat
advisories | CVE-2011-3588, CVE-2011-3589, CVE-2011-3590
MD5 | eb49ee1b114201721ad0eac2826de7a6
Nmap Iptables Shell Script
Posted Feb 21, 2012
Authored by Liyan Oz

This is a shell script that launches iptables to add rules that will flag various types of nmap scans.

tags | tool, shell, nmap
systems | unix
MD5 | 6c8ccb9d85ed8e0aefe1fa52047a2c02
Secunia Security Advisory 48084
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi Command Suite products, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | db730703564658adc9ec2f57a23803a9
Secunia Security Advisory 48100
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for ImageMagick. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, redhat
MD5 | 3f81ee34524203e16e63ea2c093a8ef7
Secunia Security Advisory 48099
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for boost. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
MD5 | 9b496bc03e0683debae9422d7183890c
Secunia Security Advisory 48041
Posted Feb 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for samba. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

tags | advisory
systems | linux, redhat
MD5 | 93fb9f690fdc03c8d12c70d0bd3e0e49
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    7 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close