Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.
1ab629c5ad74a701d6a87ea1e2c30d5f307d18d3171c1f44adb7736878b5c4baMandriva Linux Security Advisory 2013-024 - VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw.
e61b7c3cf6e2442b66fc8fa3431802d4c6cc8341aead4e8f91ed11c2d82ae1f3Mandriva Linux Security Advisory 2013-023 - Long line inputs could trigger a segfault in the sort, uniq and join utilities. The updated packages have been patched to correct these issues.
6f6b35d2bbd2840b2a3e41f95241250d6c792d13e18b3380d9ab2879d0fc34bdMandriva Linux Security Advisory 2013-022 - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct these issues.
bee473f9707063a23fbf49f1f2986f75bfe44988e5231b688428c1c9f062130bDrupal Node Parameter Control third party module version 6.x suffers from an access bypass vulnerability.
a6fd0bf0a802d4d8be9ff88a955fa9cf9891236d1a13246be5bce6509c8a5f82Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.
b9a7ef0ff18dd828c5d57c86d14d909fe246d0a7a1f774fcff12bfc8e24254c1Red Hat Security Advisory 2013-0643-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.275.
81799c278148d560668a700315f0181cd4e6219f77615fb315bc0f17a14a6892Proof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.
588169341383534eb48214aef23de1ecd3b8f43f820fc7090163879acbcb9dc3Technical Cyber Security Alert 2013-71A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
57a1a50ee9fe3afe65a25ff9a43f11074350efbbfde73afe59aa1e4ec0f27cebRuby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146efRuby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.
1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293aUbuntu Security Notice 1758-2 - USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. It was discovered that Firefox contained a memory safety issue. If a user were tricked into opening a specially crafted page with the HTML editor, a remote attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
f4c52da91a0567cbf0ae3291c95b9297f94bf425fa956d9fa86f756330cb5173Debian Linux Security Advisory 2643-1 - Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system.
626b2c43b3fc60e5818364c42a1dce9ed4a162377a90fdd4f2f3cc47cac16b60Ubuntu Security Notice 1760-1 - A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. A memory leak was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS could trigger this flaw to cause a denial of service on the system. Various other issues were also addressed.
c3317eecf58e61478a36793dcf24f32a044bee7a9120041fb1d605b234c9c673Ubuntu Security Notice 1759-1 - It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. It was discovered that Puppet incorrectly handled certain catalog requests. An attacker on an authenticated client could use this issue to possibly execute arbitrary code on the master. Various other issues were also addressed.
cccb65197566007976c698911967efc5871071adafb220b210b3946a8aba7461
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed