exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

Files Date: 2018-01-04

Red Hat Security Advisory 2018-0017-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0017-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 661da6c121c0dfb05cc14972e82ed6d008064665c4d67ecd598f45575cd1645b
Red Hat Security Advisory 2018-0016-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0016-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 27f24e65e2bf4f824c5f0afc7564328bbf49db0ad4687799fa4bf7d5c178271d
Red Hat Security Advisory 2018-0014-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0014-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | c66f2ac8c1c83763c161160534ca8f06aec6e344a736c15eb7def43657e8b148
Red Hat Security Advisory 2018-0015-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0015-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 8bb0425ab303d74d0cbe517e7f3ae75a1d0df113b6dd118d7d0c400007ff2c37
Red Hat Security Advisory 2018-0024-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0024-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | c8dc4c944f3eb40347b6b5b3087e58c6037c919cb29270949b358c950d540d4d
Ubuntu Security Notice USN-3515-1
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3515-1 - It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution.

tags | advisory, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2017-17405
SHA-256 | 9c115d37c3fcacbaeb57acb845007fa2c53caa8ca877699c9623ed59a0596301
Red Hat Security Advisory 2018-0027-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0027-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 9430f34994d8c71684c95d8ea6adcf311248d0f8173812914c40fc12f1aa7b28
Red Hat Security Advisory 2018-0023-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0023-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 97006908f2e3903f3e52f1dcf5f2528a1e128734bfe0e80642f31b538446a744
Red Hat Security Advisory 2018-0026-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0026-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 1f35b142bbc1dd39c150e4a67dc6b1f53db900c82c53770b76ed4bdbd0e892c4
Red Hat Security Advisory 2018-0022-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | be5b7aba86157ebb2f85b6789b3da2b73d8f242ffc77d81261478fefa82f0bed
Red Hat Security Advisory 2018-0028-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0028-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 6e839932a8df3a9a70c4d2cc6ba1a76c41260b9e6eccd31d4092690f97de5c18
Red Hat Security Advisory 2018-0025-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0025-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 5fe9fb189404fc4d0c1eaf732add43063df78faad8d78df56d3cb8f6b24eb910
Red Hat Security Advisory 2018-0021-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0021-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 7aa7372493e630507818099ab998dc7f461463db2313d1b0c762253157d85b88
Red Hat Security Advisory 2018-0020-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | fec7becfc549628b99009e1029ad6f0d774b1a84ee833a1fb7e7d60d2282379e
Red Hat Security Advisory 2018-0012-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0012-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | d42d9af8da403de886a6064ceb429291abed51129673cd046a9bdf58226b97fe
Ubuntu Security Notice USN-3430-3
Posted Jan 4, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3430-3 - USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem. Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496
SHA-256 | ee378bb57645a2d84370aab4dc638233e21bb225bd62f15b9bfc37f646a1ded4
Red Hat Security Advisory 2018-0018-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0018-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

tags | advisory, kernel
systems | linux, redhat
SHA-256 | 31ee78ef056235836d920c71ca5b7736cba91e30af78a10e9939c9e1906c83dd
Red Hat Security Advisory 2018-0013-01
Posted Jan 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0013-01 - The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

tags | advisory
systems | linux, redhat
SHA-256 | 6295f3e977372ff779759ac1ec67680f86389ea1b056a011c239e7ce735d79dc
Microsoft Security Bulletin Summary For January, 2018
Posted Jan 4, 2018
Site microsoft.com

This Microsoft bulletin summary holds information regarding Microsoft security updates for January, 2018.

tags | advisory
SHA-256 | 8567e7cf528021541648db140886761e85df37c207bf5a0b226a7d9f546d0e87
HPE Security Bulletin HPESBHF03803 1
Posted Jan 4, 2018
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03803 1 - A potential security vulnerability has been identified in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance v1.20 and earlier. The vulnerability could be remotely exploited to allow denial of service and execution of code. Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2017-8975, CVE-2017-8976, CVE-2017-8977
SHA-256 | a5d045ac32531d432169f47601b2a0c2b36950f8eefead66eabd002310f327d8
Micro Focus Security Bulletin MFSBGN03793 2
Posted Jan 4, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03793 2 - A potential security vulnerability has been identified in Micro Focus Project and Portfolio Management Center. This vulnerability could be remotely exploited to execute a Man-in-the-Middle (MitM) attack and Cross-site Request Forgery (CSRF). Revision 2 of this advisory.

tags | advisory, csrf
advisories | CVE-2017-14361, CVE-2017-14362
SHA-256 | 02e0b2c4d42c6c364811b85948aebd0c507830c4346b2ed61265afeb6b78659a
Meltdown - Bypassing Intel's Hardware Barrier
Posted Jan 4, 2018
Authored by Yuval Yarom, Michael Schwarz, Mike Hamburg, Moritz Lipp, Paul Kocher, Werner Haas, Thomas Prescher, Stefan Mangard, Daniel Gruss, Daniel Genkin

Whitepaper called Meltdown. It discusses how you can bypass Intel's hardware barrier between applications and the computer's core memory.

tags | paper
SHA-256 | 593ea59090a096211b06194fb5985d5c2ea2b5bd85b540d01802d5d7da2d36f8
Spectre Attacks: Exploiting Speculative Execution
Posted Jan 4, 2018
Authored by Yuval Yarom, Michael Schwarz, Mike Hamburg, Moritz Lipp, Paul Kocher, Werner Haas, Thomas Prescher, Stefan Mangard, Daniel Gruss, Daniel Genkin

Whitepaper called Spectre Attacks: Exploiting Speculative Execution. It discusses how to trick error-free applications into giving up secret information.

tags | paper
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | d1a3c8c49faea6321bd01e706e0957012c18a94e1a187f1a5477c0e82270dc51
Spectre Information Disclosure Proof Of Concept
Posted Jan 4, 2018
Authored by Yuval Yarom, Michael Schwarz, Mike Hamburg, Moritz Lipp, Paul Kocher, Werner Haas, Thomas Prescher, Stefan Mangard, Daniel Gruss, Daniel Genkin

Spectre information disclosure proof of concept exploit that affects multiple CPUs.

tags | exploit, proof of concept, info disclosure
advisories | CVE-2017-5715, CVE-2017-5753
SHA-256 | 473bf133f40fdcb9c9fa158c19b9d4681907d8e8c18230aea02e37e689ee7f95
Iopsys Router dhcp Remote Code Execution
Posted Jan 4, 2018
Authored by neonsea

Iopsys router suffers from a dhcp related remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-17867
SHA-256 | 5612e35eb0e13dcbdaa05577808017f5f3a81b7a029936248fa63517e682c199
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close