all things security
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-09-27

Red Hat Security Advisory 2016-1939-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1939-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.

tags | advisory, kernel, tcp
systems | linux, redhat
advisories | CVE-2016-5696
MD5 | a9636eb286bec01bbe5d14ee00037807
Ubuntu Security Notice USN-3089-1
Posted Sep 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3089-1 - Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7401
MD5 | d7ea3ba509675c0e71996de23135b7f6
Red Hat Security Advisory 2016-1940-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306
MD5 | c6afe0ce742f87952f6ae30a8585adbf
Adobe Flash 23 Sandbox Bypass
Posted Sep 27, 2016
Authored by Leone Pontorieri

Adobe Flash versions 23 and below local-with-filesystem sandbox bypass via navigateToURL() and UI redressing. Proof of concept included.

tags | exploit, local, proof of concept, bypass
MD5 | 38c6974d18edf9f552f3b82e5e96af58
EMC ViPR SRM Cross Site Scripting
Posted Sep 27, 2016
Authored by Eric Flokstra | Site emc.com

EMC ViPR SRM versions prior to 4.0.1 suffer from a stored cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-6647
MD5 | afab6c340b389a71492340c650d15d78
AVer Information EH6108H+ Authentication Bypass / Inforation Exposure
Posted Sep 27, 2016
Authored by Travis Lee

AVer Information EH6108H+ hybrid DVR suffers from authentication bypass, hard-coded credential, and information exposure vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
advisories | CVE-2016-6535, CVE-2016-6536, CVE-2016-6537
MD5 | 95892784e29cf0c2a53be1a6aa8dc309
hack4 2016 Call For Papers
Posted Sep 27, 2016
Authored by dash | Site hack4.org

hack4 has announced its Call For Papers. It will be held December 29th through the 30th, 2016 in Berlin, Germany.

tags | paper, conference
MD5 | 0ac3629c2a28d9bcf333b2d78fcd9fdf
Deactivating Endpoint Protection Software In An Unauthorized Manner (Revisited)
Posted Sep 27, 2016
Authored by Matthias Deeg, Sven Freund

In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.

tags | paper, local, vulnerability, bypass
MD5 | 38830fe267b188fd72a1344628a1ad82
Skype DLL Hijacking
Posted Sep 27, 2016
Authored by Tien Phan

The Skype installer suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 38891a92bce0fefe5230c828e0d9305e
Ipod Video Converter DLL Hijacking
Posted Sep 27, 2016
Authored by ZwX

Ipod Video Converter suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 384d15825d9565f65198a791348691bb
Debian Security Advisory 3679-1
Posted Sep 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3679-1 - Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites.

tags | advisory, java, web, csrf
systems | linux, debian
advisories | CVE-2016-6801
MD5 | fb13ef6d1e88409ada4d2dd0df3b686e
HP Security Bulletin HPSBHF03652 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03652 1 - A potential vulnerability in Apache Commons FileUpload was addressed by HPE iMC PLAT network products. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-3092
MD5 | 0c22475db069e0e17535b93426845e34
HP Security Bulletin HPSBHF03654 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03654 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
MD5 | 46e40704d74e2ad3c1cb6e274c08171d
HP Security Bulletin HPSBHF03655 1
Posted Sep 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03655 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products running Apache Axis2. These vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1632
MD5 | 13de1a04f2b085f4b221d345a3735915
Debian Security Advisory 3678-1
Posted Sep 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3678-1 - Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into Django.

tags | advisory, web, arbitrary, csrf
systems | linux, debian
advisories | CVE-2016-7401
MD5 | 25902009298833cec018f676b65f3048
Linux Kernel 4.6.3 Netfilter Privilege Escalation
Posted Sep 27, 2016
Authored by h00die, vnik | Site metasploit.com

This Metasploit module attempts to exploit a netfilter bug on Linux Kernels befoe 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), glibc-devel.i686

tags | exploit, kernel, root
systems | linux, fedora, ubuntu
advisories | CVE-2016-4997
MD5 | d27040d1104d9c3b30bc4f1eebb0d24d
Android Stagefright MP4 tx3g Integer Overflow
Posted Sep 27, 2016
Authored by jduck, NorthBit | Site metasploit.com

This Metasploit module exploits a integer overflow vulnerability in the Stagefright Library (libstagefright.so). The vulnerability occurs when parsing specially crafted MP4 files. While a wide variety of remote attack vectors exist, this particular exploit is designed to work within an HTML5 compliant browser. Exploitation is done by supplying a specially crafted MP4 file with two tx3g atoms that, when their sizes are summed, cause an integer overflow when processing the second atom. As a result, a temporary buffer is allocated with insufficient size and a memcpy call leads to a heap overflow. This version of the exploit uses a two-stage information leak based on corrupting the MetaData that the browser reads from mediaserver. This method is based on a technique published in NorthBit's Metaphor paper. First, we use a variant of their technique to read the address of a heap buffer located adjacent to a SampleIterator object as the video HTML element's videoHeight. Next, we read the vtable pointer from an empty Vector within the SampleIterator object using the video element's duration. This gives us a code address that we can use to determine the base address of libstagefright and construct a ROP chain dynamically. NOTE: the mediaserver process on many Android devices (Nexus, for example) is constrained by SELinux and thus cannot use the execve system call. To avoid this problem, the original exploit uses a kernel exploit payload that disables SELinux and spawns a shell as root. Work is underway to make the framework more amenable to these types of situations. Until that work is complete, this exploit will only yield a shell on devices without SELinux or with SELinux in permissive mode.

tags | exploit, remote, overflow, shell, kernel, root
advisories | CVE-2015-3864
MD5 | 057a5f7427ec278d6c1be05309a18c30
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close