This archive contains all of the 162 exploits added to Packet Storm in October, 2017.
6df0b6c9fa9b5095c34f144edb026f2fa31bad05bc841f4a50b446c49c89890aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
7d02b1886b2dc6a95ca39b0e7ec087e200e42b846e502f85a05822dc793b7ce0MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
e92ae6afc09991d5398fd6a0b9d6fd7ff391d9ab9f7722f935926b87c3619068Ubuntu Security Notice 3470-2 - USN-3470-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use to cause a denial of service or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
45cdfddce64c932d022da74ac84e9b861d656767a40b616a21399ad5537f8eddRed Hat Security Advisory 2017-3107-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telecommunications Update Service for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.5 TUS after November 30, 2017.
42bb0ef37d1ea908386592601927469095da8d15b7b1e182e5c680c28bc9b063Apple Security Advisory 2017-10-31-12 - Additional information for the APPLE-SA-2017-09-25-9 macOS Server 5.4 advisory has been provided that relates to FreeRADIUS and Postfix.
ab7f1016be63a4d64acf9e8afda8cb266e256bd54b6c0f883eb1a5a8a72517edApple Security Advisory 2017-10-31-11 - tvOS 11 addresses TLS weaknesses, denial of service, and various other vulnerabilities.
48976ad8a3fe31355c7175da27c7031f56f2e550f213786486e77c219f2f0ae8Ubuntu Security Notice 3471-1 - Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service. Quentin Young discovered that Quagga incorrectly handled memory in the telnet vty CLI. An attacker able to connect to the telnet interface could possibly use this issue to cause Quagga to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
18aebebe30aaa82a09ff5e29e6a4b37297fccefa2635d842e62dfb675cb316ddRed Hat Security Advisory 2017-3108-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.2 will be retired as of November 30, 2017, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.2 EUS after November 30, 2017.
19f6099cc41a19a2b694dd597cafbb9e8fa759c85fa15866d86175732c58cbf2Apple Security Advisory 2017-10-31-10 - watchOS 4 addresses TLS weaknesses, denial of service, memory corruption, and various other vulnerabilities.
bf329a7b0c636f783245fa9ac4453b9454375182fb1dcbb20bc593d709b94c37Apple Security Advisory 2017-10-31-9 - iOS 11 addresses TLS weaknesses, denial of service, arbitrary code execution, and various other vulnerabilities.
46171a35b50df25804054ca92ead701817ede06a281105b670af269d27fc2535Apple Security Advisory 2017-10-31-7 - iCloud for Windows 7.1 is now available and addresses multiple code execution vulnerabilities.
294c829c611aa9e757a7c9fceef9dd24e71d9aa5be4609ee25156b3fbeb3b9f4Apple Security Advisory 2017-10-31-6 - iTunes 12.7.1 for Windows is now available and addresses multiple code execution vulnerabilities.
c9a20a8f75f9ac95762f0243fba4e1fb030f44aa3c2b0be9d969220323334a11Apple Security Advisory 2017-10-31-4 - watchOS 4.1 is now available and addresses denial of service, arbitrary code execution, and various other vulnerabilities.
959f45d4b947ca23af4b5c13fa26d591a4d68ae29ee0e180418a81d49a7e0355Apple Security Advisory 2017-10-31-3 - tvOS 11.1 is now available and addresses denial of service, memory corruption, arbitrary code execution, and various other vulnerabilities.
aae86778e2c65edee3cefce0151b35c0132d4ae4fe73f0863ae16f900914444fApple Security Advisory 2017-10-31-2 - macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan are now available and address TLS weaknesses, issues in Apache, and many more vulnerabilities.
ac256e54648493ce415cbcd2306f79310dc0a2baeca5b8e57161504c227231ffRed Hat Security Advisory 2017-3093-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard.
d28217e1a8006a55ab36721cf9f4c727529c8f692cd038039b0e873b660284ddDebian Linux Security Advisory 4012-1 - Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.
bd07d4a2721391b8abbffaad5abe1a4b403503ee4df96d9681a44d659e64d0dfHPE Security Bulletin HPESBHF03785 1 - HPE B-Series SAN Network Advisor Software versions released prior to and including v14.0.2 contain several remotely exploitable directory traversal vulnerabilities. Revision 1 of this advisory.
1f0815e6ed8f71ce63122cc9919399285c53ca35388a0ba5b11e5bafe2d6bde3Debian Linux Security Advisory 4009-1 - Niklas Abel discovered that insufficient input sanitising in the the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution.
f4946f4feea9dcb5fd5499933a28e9fbbcc14bc3fd78516883a4fa48f7f34e07Slackware Security Advisory - New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
104257f1a354ea147a6bbac1bd35bfbbf953ec821808ca34d4db4ab29f4f469eWhatsApp versions 2.17.52 and below suffer from a memory corruption vulnerability that can result in a denial of service.
938e528baacd94eea2f9b0cdc6f120abd8230c01d83a66a10d0b34e7c45314cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed