exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-12-07

Ubuntu Security Notice USN-3509-2
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-2 - USN-3509-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
SHA-256 | 55c76901713125a703bae824209741aaa3580edc3d3ffb5d1318fec8c8c6c7ce
Ubuntu Security Notice USN-3509-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3509-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-16643, CVE-2017-16939
SHA-256 | 1fee3d4c5f363d883d9e0d3340e1b92019a2c25227d2f422c40c64d91d321d09
Ubuntu Security Notice USN-3508-2
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3508-2 - USN-3508-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939
SHA-256 | 8f21eef7c2fc6cb6eebd43e8feec5bbc855c5b079f9a47dc86cb9da1ea8ddd29
Ubuntu Security Notice USN-3508-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3508-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12146, CVE-2017-16939
SHA-256 | 71f952ea8f2b52d88d4d95fb89d27c8b6a5b7d5796ef9e769ba309c68c79d355
Ubuntu Security Notice USN-3507-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3507-1 - Mohamed Ghannam discovered that a use-after-free vulnerability existed in the Netlink subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Linux kernel did not properly handle copy-on- write of transparent huge pages. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-1000405, CVE-2017-12193, CVE-2017-15299, CVE-2017-15306, CVE-2017-15951, CVE-2017-16535, CVE-2017-16643, CVE-2017-16939
SHA-256 | 69cb8bd23eccd5b890d722fba3cdc82d3096243ff4f4b5537c3e96d1b5de40da
Red Hat Security Advisory 2017-3401-01
Posted Dec 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3401-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2017-15407, CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15412, CVE-2017-15413, CVE-2017-15415, CVE-2017-15416, CVE-2017-15417, CVE-2017-15418, CVE-2017-15419, CVE-2017-15420, CVE-2017-15422, CVE-2017-15423, CVE-2017-15424, CVE-2017-15425, CVE-2017-15426, CVE-2017-15427
SHA-256 | 5bd0b2cbeabcf688e6d9f16cea82f64051f2874ff1e444401d3e0a45c1a77044
Red Hat Security Advisory 2017-3399-01
Posted Dec 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3399-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, java, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645
SHA-256 | 5f7c290255283ca8558f9e080e48b8c3b9da33e398b2eadd8011345eb5fc9e44
Red Hat Security Advisory 2017-3400-01
Posted Dec 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3400-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0. Security Fix: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.

tags | advisory, java, remote, arbitrary, udp, tcp
systems | linux, redhat
advisories | CVE-2017-5645
SHA-256 | 5ea1cec9f6933eab9187ac254d93d4f4e639613ce51a4f20d85a8723b379a92a
WordPress Crowd Ideas 1.0 Cross Site Scripting
Posted Dec 7, 2017
Authored by Ricardo Sanchez

WordPress Crowd Ideas plugin version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c6fcd6f0c3697cccd7a9d17bdb4e5be6ec6663d9fe5c857f87f513ffb6c53162
Ubuntu Security Notice USN-3506-2
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3506-2 - USN-3506-1 fixed two vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-17433, CVE-2017-17434
SHA-256 | fadf821b7f75a4e2b252ef20c8691b6094a528145976b83c1b2f9e35357a8062
Ubuntu Security Notice USN-3506-1
Posted Dec 7, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3506-1 - It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-17433, CVE-2017-17434
SHA-256 | 8f97470368f1ee947f4293ade4fb9b4051d27097ac26ac0d6e612c9ef333dfde
Debian Security Advisory 4056-1
Posted Dec 7, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4056-1 - George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.

tags | advisory
systems | linux, debian
advisories | CVE-2017-16239
SHA-256 | fb7b647269054c29195ca37543cb4c0d4601d524f74938c162051e8e9c64c7fc
Red Hat Security Advisory 2017-3389-01
Posted Dec 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3389-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for this release.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12195
SHA-256 | ae9f8aec2b2ee802f9f935b728b574e080a9d3c448e0373c0462fc829f456d75
OpenSSL Security Advisory 20171207
Posted Dec 7, 2017
Site openssl.org

OpenSSL Security Advisory 20171207 - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. Other issues were also addressed.

tags | advisory
advisories | CVE-2015-3193, CVE-2016-0701, CVE-2017-3732, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
SHA-256 | 5b23d35b31c30e0ba27356ef231c18b5e034386ca01935b4c9740a2cf6a7469b
LaCie 5big Network 2.2.8 Command Injection
Posted Dec 7, 2017
Authored by Timo Sablowski

LaCie 5big Network version 2.2.8 suffers from a remote command injection vulnerability.

tags | exploit, remote
SHA-256 | 02d280f3570d3138e947978e63913f9151f791af5e4077d6ac666a48580ce904
Apple macOS 10.13.1 High Sierra Cron Privilege Escalation
Posted Dec 7, 2017
Authored by Mark Wadham

Apple macOS version 10.13.1 (High Sierra) suffers from a cron related local privilege escalation vulnerability that allows you to gain root privileges.

tags | exploit, local, root
systems | apple
SHA-256 | fbe2d99d3b7ef8fd7877306d5456d2c15f9aac738eb9b0ae46533c5eed03251a
Wireshark 2.4.2 / 2.2.10 CIP Safety Dissector Crash
Posted Dec 7, 2017
Authored by Gerald Combs

Wireshark versions 2.4.0 through 2.4.2 and 2.2.0 through 2.2.10 suffer from a crash issue in the CIP Safety dissector.

tags | exploit
advisories | CVE-2017-17085
SHA-256 | 646635366decbef4399396c501e19649221604dfc3ac9afca5ee8739d867b191
Linux Kernel DCCP Socket Use-After-Free
Posted Dec 7, 2017
Authored by Mohamed Ghannam

The Linux kernel suffers from a DCCP socket use-after-free vulnerability.

tags | exploit, kernel
systems | linux
advisories | CVE-2017-8824
SHA-256 | cae1f33164a9e9af6e636a830eeee8c78626be982d8e3ca731d872a32cdf347e
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close