accept no compromises
Showing 1 - 15 of 15 RSS Feed

Files Date: 2014-02-18

Nazca: Detecting Malware Distribution In Large-Scale Networks
Posted Feb 18, 2014
Authored by Prof. Giovanni Vigna, Christopher Kruegel, Stanislav Miskovic, Ruben Torres, Luca Invernizzi, Marco Mellia, Sung-Ju Lee, Sabyasachi Saha

Whitepaper called Nazca: Detecting Malware Distribution in Large-Scale Networks. In this paper, they study how clients in real-world networks download and install malware, and present Nazca, a system that detects infections in large scale networks. Nazca does not operate on individual connections, nor looks at properties of the downloaded programs or the reputation of the servers hosting them. Instead, it looks at the telltale signs of the malicious network infrastructures that orchestrate these malware installation that become apparent when looking at the collective traffic produced and becomes apparent when looking at the collective traffic produced by many users in a large network. Being content agnostic, Nazca does not suffer from coverage gaps in reputation databases (blacklists), and is not susceptible to code obfuscation. They have run Nazca on seven days of traffic from a large Internet Service Provider, where it has detected previously-unseen malware with very low false positive rates.

tags | paper
MD5 | 28f74d9399ea0dfdc416e0247083fd64
Lynis Auditing Tool 1.4.1
Posted Feb 18, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: A new --plugin-dir parameter, support for 64-bit locations for Apache modules, extended logging, and several test improvements.
tags | tool, scanner
systems | unix
MD5 | 1c92b1242998a825ef89f691d4da420a
Mandos Encrypted File System Unattended Reboot Utility 1.6.4
Posted Feb 18, 2014
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: This release adds a minor fix to self-tests.
tags | remote, root
systems | linux, unix
MD5 | 95f926764c9100368f53f8f368da573e
RECON 2014 Call For Papers
Posted Feb 18, 2014
Authored by REC0N 2014 | Site recon.cx

REcon 2014 is a computer security conference for reverse engineers, hackers, and enthusiasts. It is held annually in Montreal, Canada and the Call For Papers has been announced.

tags | paper, conference
MD5 | 05e0959d31fee94dd863e75ee34b7161
File Hub 1.9.1 Code Execution / Local File Inclusion
Posted Feb 18, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

File Hub version 1.9.1 suffers from remote code execution and local file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion
MD5 | cb660ff8751d5f0beb6ccec427bd9dc0
My PDF Creator And DE DM 1.4 LFI / File Upload
Posted Feb 18, 2014
Authored by Katharina S.L. | Site vulnerability-lab.com

My PDF Creator and DE DM version 1.4 suffers from local file inclusion and file upload vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, file upload
MD5 | b817f01d24758e36d0d191b537ac1732
IPT_PKD Iptables Port Knocking Detection 1.12
Posted Feb 18, 2014
Authored by eric

ipt_pkd is an iptables extension implementing port knock detection with SPA (single packet authorization). This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.

Changes: This release fixes a bug in knock.py when sending a knock to a site not in the configuration file or when the configuration file doesn't exist.
tags | tool, kernel, udp, firewall
systems | linux
MD5 | f4357c43b9c87f8e7ee6023088fac845
Oracle Forms / Reports Remote Code Execution
Posted Feb 18, 2014
Authored by Mekanismen, Dana Taylor | Site metasploit.com

This Metasploit module uses two vulnerabilities in Oracle forms and reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote url to a known local path disclosed from the previous vulnerability. The local path being accessible from an URL then allows us to perform the remote code execution using for example a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.

tags | exploit, remote, arbitrary, shell, local, vulnerability, code execution
systems | windows
advisories | CVE-2012-3152, CVE-2012-3153, OSVDB-86395, OSVDB-86394
MD5 | 85fefa16f619ffe45c07117427072e2a
Gentoo Linux Security Advisory 201402-17
Posted Feb 18, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-17 - Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Versions less than or equal to 3.02-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4035, CVE-2010-3702, CVE-2010-3704
MD5 | fd2826204b15ddc83e29d9ce58563763
Mandriva Linux Security Advisory 2014-038
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-038 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter. The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service or possibly gain privileges via a crafted application. The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. The updated packages provides a solution for these security issues.

tags | advisory, denial of service, x86, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2014-0038, CVE-2014-1438, CVE-2014-1446
MD5 | 97f6d13dd407f8975db91842830871e7
Mandriva Linux Security Advisory 2014-037
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-037 - This updates provides ffmpeg version 0.5.13 and 0.10.11, which fixes several unspecified security vulnerabilities and other bugs which were corrected upstream.

tags | advisory, vulnerability
systems | linux, mandriva
MD5 | f5aed6c9914a6ffddfd8c122a50bcb00
Mandriva Linux Security Advisory 2014-036
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-036 - Varnish before 3.0.5 allows remote attackers to cause a denial of service via a GET request with trailing whitespace characters and no URI. Also, the services have been converted from SysV init scripts to systemd-native services, which should allow for more consistent behavior.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-4484
MD5 | dba5638fdbf01ce7172d6845ff3ab0da
Mandriva Linux Security Advisory 2014-035
Posted Feb 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-035 - The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PLTE chunk of zero bytes or a NULL palette, related to pngrtran.c and pngset.c.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-6954
MD5 | 6feedfe5836ca63d947d728b3cbebcbf
Debian Security Advisory 2862-1
Posted Feb 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2862-1 - Several vulnerabilities have been discovered in the chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-6641, CVE-2013-6643, CVE-2013-6644, CVE-2013-6645, CVE-2013-6646, CVE-2013-6649, CVE-2013-6650
MD5 | f20c99f8f9031900b9f5c828a57eb922
Debian Security Advisory 2861-1
Posted Feb 18, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2861-1 - It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files. The Common Vulnerabilities and Exposures project ID CVE-2014-1943 has been assigned to identify this flaw. Additionally, other well-crafted files might result in long computation times (while using 100% CPU) and overlong results.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-1943
MD5 | 3251fbdf4a66d888be72aa1290710f30
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    4 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close