the original cloud security
Showing 1 - 16 of 16 RSS Feed

Files Date: 2017-01-03

Kaspersky SSL Interception Differentiation
Posted Jan 3, 2017
Authored by Tavis Ormandy, Google Security Research

In order to inspect encrypted data streams using SSL/TLS, Kaspersky installs a WFP driver to intercept all outgoing HTTPS connections. They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on-the-fly. This is why if you examine a certificate when using Kaspersky Antivirus, the issuer appears to be "Kaspersky Anti-Virus Personal Root". Kaspersky's certificate interception has previously resulted in serious vulnerabilities, but quick review finds many simple problems still exist. For example, the way leaf certificates are cached uses an extremely naive fingerprinting technique. Kaspersky cache recently generated certificates in memory in case the user agent initiates another connection. In order to do this, Kaspersky fetches the certificate chain and then checks if it's already generated a matching leaf certificate in the cache. If it has, it just grabs the existing certificate and private key and then reuses it for the new connection. The cache is a binary tree, and as new leaf certificates and keys are generated, they're inserted using the first 32 bits of MD5(serialNumber||issuer) as the key. If a match is found for a key, they just pull the previously generated certificate and key out of the binary tree and start using it to relay data to the user-agent. You don't have to be a cryptographer to understand a 32bit key is not enough to prevent brute-forcing a collision in seconds. In fact, producing a collision with any other certificate is trivial.

tags | exploit, web, root, vulnerability, virus
MD5 | 2546662d9e3ac6122c369f4d26198f24
Samsung OTP TrustZone Buffer Overflow
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens. The OTP TrustZone trustlet suffers from a stack buffer overflow.

tags | exploit, overflow
MD5 | 5630aec452992f4eccfb870ec3a4cbc7
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
Posted Jan 3, 2017
Authored by Dawid Golunski

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.

tags | exploit, web, shell, php, proof of concept
advisories | CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074
MD5 | a0be91defae2564f4405c81fdeab38cd
TIMA Arbitrary Kernel Module Verification Bypass
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

Samsung's lkmauth feature suffers from a kernel module verification bypass vulnerability.

tags | advisory, kernel, bypass
MD5 | 94c50ebfbad9ceb87ec411b72014c425
Gentoo Linux Security Advisory 201701-15
Posted Jan 3, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-15 - Multiple vulnerabilities have been found in Mozilla Firefox, SeaMonkey, and Thunderbird the worst of which could lead to the execution of arbitrary code. Versions less than 45.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8634, CVE-2014-8635, CVE-2014-8636, CVE-2014-8637, CVE-2014-8638, CVE-2014-8639, CVE-2014-8640, CVE-2014-8641, CVE-2014-8642, CVE-2015-0819, CVE-2015-0820, CVE-2015-0821, CVE-2015-0822, CVE-2015-0823, CVE-2015-0824, CVE-2015-0825, CVE-2015-0826, CVE-2015-0827, CVE-2015-0828, CVE-2015-0829, CVE-2015-0830, CVE-2015-0831, CVE-2015-0832, CVE-2015-0833, CVE-2015-0834, CVE-2015-0835, CVE-2015-0836, CVE-2016-2804
MD5 | 996424a6489ae0f105919cd6809bb2c7
Red Hat Security Advisory 2017-0002-01
Posted Jan 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2016-1669, CVE-2016-5180, CVE-2016-5325, CVE-2016-7099
MD5 | 30efc184d99c0deded727c2d19d1b7c6
Samsung OTP Service Heap Overflow
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens and suffers from a heap overflow vulnerability.

tags | exploit, overflow
MD5 | 078ec7131a5d786edf86447fbce0664f
Kaspersky Local CA Root Protected Incorrectly
Posted Jan 3, 2017
Authored by Tavis Ormandy, Google Security Research

Kaspersky fails to adequately protect its local CA root.

tags | advisory, local, root
MD5 | 2f3e65e92f2365a4a0e084696bd1c4c7
Samsung OTP OTP_GET_CRYPTO_DERIVED_KEY Buffer Overflow
Posted Jan 3, 2017
Authored by Google Security Research, laginimaineb

Stack buffer overflow and information disclosure vulnerabilities exist in the Samsung OTP TrustZone trustlet via OTP_GET_CRYPTO_DERIVED_KEY.

tags | advisory, overflow, vulnerability, info disclosure
MD5 | 718aa9c0eebb984d13427c2fec6e4280
Red Hat Security Advisory 2017-0004-01
Posted Jan 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0004-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2016-8666
MD5 | fd13dc66551f79bb42b01c7744c21f53
Red Hat Security Advisory 2017-0003-01
Posted Jan 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0003-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7796
MD5 | f04f1dc27d2d1aefe34b686df5f34286
Debian Security Advisory 3750-2
Posted Jan 3, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3750-2 - A functionally regression was discovered in some specific usage scenarios of PHPMailer following the security update of DSA-3750. New packages have been released which correct the problem.

tags | advisory
systems | linux, debian
advisories | CVE-2016-10033
MD5 | 114b59080866698a50a7298f30df91e2
Internet Download Accelerator 6.10.1.1527 Buffer Overflow
Posted Jan 3, 2017
Authored by Fady Mohamed Osman

Internet Download Accelerator version 6.10.1.1527 SEH FTP buffer overflow exploit.

tags | exploit, overflow
MD5 | 295e1dec995b384d3490cec443aeed5d
Netgear DGN2200 / DGND3700 / WNDR4500 Information Disclosure
Posted Jan 3, 2017
Authored by Mandar Jadhav

Netgear models DGN2200, DGND3700, and WNDR4500 suffer from multiple information disclosure vulnerabilities, one of which leaks the admin password.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-5638, CVE-2016-5649
MD5 | 772248b8e8b56e15f9e9d0616934765b
My Click Counter 1.0 SQL Injection
Posted Jan 3, 2017
Authored by Anarchy Angel

My Click Counter version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | 643a9c348b5171519bb81b9208bb26b9
PDFAdd 1.2 DLL Hijacking
Posted Jan 3, 2017
Authored by ZwX

PDFAdd version 1.2 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
MD5 | d7701fcb4a7a9e3ae54792e767c00f71
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close