exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files Date: 2017-08-31

Asterisk Project Security Advisory - AST-2017-007
Posted Aug 31, 2017
Authored by George Joseph, Ross Beer | Site asterisk.org

Asterisk Project Security Advisory - A carefully crafted URI in a From, To or Contact header could cause Asterisk to crash.

tags | advisory
SHA-256 | 3aaf55f2e7edf3194ca408a6b81cebdb27229d2dd95377a0d81498fe1ed9affd
Asterisk Project Security Advisory - AST-2017-006
Posted Aug 31, 2017
Authored by Richard Mudgett, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - The app_minivm module has an externnotify program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

tags | advisory, arbitrary, shell
SHA-256 | f609d7792da894fb6c1fb0ade8daec8f16def1711e4528d9c0115ae784979027
Asterisk Project Security Advisory - AST-2017-005
Posted Aug 31, 2017
Authored by Joshua Colp, Klaus-Peter Junghanns | Site asterisk.org

Asterisk Project Security Advisory - The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options for chan_sip and chan_pjsip respectively enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received the strict RTP support would allow the new address to provide media and with symmetric RTP enabled outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic they would continue to receive traffic as well.

tags | advisory
SHA-256 | dc5c0fb3ca5feec836d616e3705c5e6f1fe136bb73fc595a8c84c639da8487a1
HPE Security Bulletin HPESBGN03765 2
Posted Aug 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03765 2 - A security vulnerability in the DES/3DES block ciphers used in the TLS protocol could potentially impact HPE LoadRunner and HPE Performance Center resulting in remote disclosure of information. This is also known as the SWEET32 attack. Revision 2 of this advisory.

tags | advisory, remote, protocol
advisories | CVE-2016-2183
SHA-256 | 948d29ad7d087b66e32a4c02373d48f779582beea0bda6a1bd420ce52660e466
HPE Security Bulletin HPESBGN03767 1
Posted Aug 31, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBGN03767 1 - A potential security vulnerability has been identified in HPE Operations Orchestration product. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2017-8994
SHA-256 | 4b17d418b655fd4fe6b152730a774cede78fd9a61ada68f04893915f466f72bd
Red Hat Security Advisory 2017-2561-01
Posted Aug 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2561-01 - In accordance with the Red Hat Virtualization 3.x Support Life Cycle Policy, support will end on September 30, 2017. Red Hat will not provide extended support for the Red Hat Virtualization Manager and Red Hat Virtualization Host. Customers are requested to migrate to the newer Red Hat Virtualization product prior to the end of the life cycle for Red Hat Virtualization 3.x. After September 30, 2017, technical support through Red Hatas Global Support Services will no longer be provided, other than assisting in upgrades. We encourage customers to plan their migration from Red Hat Virtualization 3.x to the latest version of Red Hat Virtualization. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.

tags | advisory
systems | linux, redhat
SHA-256 | 5b114bd7dd14cc284504b01336be22854bf97593bdc99b359bb38bd0c83ebcf7
Red Hat Security Advisory 2017-2563-01
Posted Aug 31, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2563-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2016-6210
SHA-256 | 6772db3539ac28058a8dcd85adcd01f09d836815a6d2fd1a69ba5c6d44438755
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close