EyeLock's nano NXT firmware latest version 3.5 (released 25.07.2016) suffers from multiple unauthenticated command injection vulnerabilities. The issue lies within the 'rpc.php' script located in the '/scripts' directory and can be triggered when user supplied input is not correctly sanitized while updating the local time for the device and/or get info from remote time server. The vulnerable script has two REQUEST parameters 'timeserver' and 'localtime' that are called within a shell_exec() function for setting the local time and the hardware clock of the device. An attacker can exploit these conditions gaining full system (root) access and execute OS commands on the affected device by injecting special characters to the affected parameters and further bypass the access control in place.
2db3de6e6596a89e57769cef80da46c6a4c1cf11032cf1f05060be7c5da869f6nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
1f2f82965c87acd146118e4dc36df0cfd90aa6f1adef76742db3642b5c89a599EyeLock Myris version 3.3.2 suffers from an unquoted search path issue impacting the service 'MyrisService' for Windows deployed as part of Myris solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
9944b9c11776ab7fd7b3d7678b418928869f0f411d1520d8bd1bf55a41f75093LINE Instant Messenger versions before June 2016 suffer from authorization bypass and server-side request forgery vulnerabilities.
8b06a080228cc5d67268fee0ebddc5be63e937694570091aeb595350317d2067This bulletin summary lists nine released Microsoft security bulletins for August, 2016.
b7358893d5f134b0f91ecae238c6f7ef22ff96c7545eafb4fcfcef4b3e2a7e97Ubuntu Security Notice 3050-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest Various other issues were also addressed.
25d3e707bc3e04dc34cc4046ae0bd60268ea7d5bb3ac12b317f68afd34cc10d8Ubuntu Security Notice 3051-1 - It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after a n error condition occurred. A local attacker could use this to cause a denial of service. Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. Various other issues were also addressed.
6a2979ef146941bff45ef030836a1ac3c64a52306361f465ba3afdff4daf283aRed Hat Security Advisory 2016-1586-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.
4c1d1bc40e1e6367d724a8cda0f1bfc794595fdf5ac299d28294505a3b85e0e3Red Hat Security Advisory 2016-1585-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest.
a9d0e3ffdd3d3da840f2c103a322b0f6f9596d929626d1f1a99fbffe30c5cd59Ubuntu Security Notice 3057-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
030e1271bb7566a819d82ae5638f21d1a8b8bbeb3b2002fca12d928335283dcbUbuntu Security Notice 3056-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
5a5993fff7c587291f866734e6a557eea74f65989a06449853d48bcfa78b8f7dUbuntu Security Notice 3054-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a deni al of service. Various other issues were also addressed.
986a7a499ec97cecc4959f3265ef183088e85d94ade8531bcecc680ad7399f86Ubuntu Security Notice 3055-1 - Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
cf8c4be620feb49866d70f13c5c9925d654ba881ecacc4029183bc41fcb626f0Ubuntu Security Notice 3053-1 - A missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
868205ccfbb5b02685dc08d99775077c773f785d462ef9352d2b3cec71ffebc3Ubuntu Security Notice 3049-1 - Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service or possibly execute arbitrary code with administrative privileges. Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest Various other issues were also addressed.
2b1009ae36d1ddcfe36aada07f3b8fd8c1364c30c25979dfd492e6fd7e67f232Ubuntu Security Notice 3052-1 - It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service. Kangjie Lu discovered an information leak in the netlink implementation o f the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. Various other issues were also addressed.
b8de8320f66e8abd1152325a365a4aade72e43e9d61f7e60e750b220bdff2663
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed