iDefense Security Advisory 03.02.11 - Remote exploitation of a heap memory corruption vulnerability in Apple Inc.'s CoreGraphics library could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs during the processing of an embedded International Color Consortium (ICC) profile within a JPEG image. A small block of heap memory may be allocated for processing certain profile data. An index value is used to reference locations within this heap block. The index value can be manipulated in a manner that results in multiple memory writes to locations outside the bounds of the heap allocated block. This condition may lead to arbitrary code execution.
5d8ce00016e6e084ef0137a0b05bd32f312d8df1e68e87c3acaed784c103df61HP Security Bulletin HPSBUX02638 SSRT100339 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS) or an authentication bypass. Revision 1 of this advisory.
719f5ef4963f2e723d99432e1c22ccc24d50e19a6d7fa0dbfcfc1f74312408b3PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
7bfebb8602317e796ef5b78a5ffa14317176fec2f01032aeeb928a4f548d49e6Mandriva Linux Security Advisory 2011-040 - It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index used for accessing members of the incorrectly reallocated array, resulting in the use of NULL address as the base array address. This can result in application crash or, possibly, code execution. The updated packages have been patched to correct this issue.
c5b09e373563ef82a7c5f2f1998cb4c70210c22b3280d4d73887ba393b446858Pragyan CMS version 3.0 Beta suffers from cross site request forgery and cross site scripting vulnerabilities.
6fc288af9234dbe29d6330100758b4a53c3ecb6d42325eb4f11402bc972cca3dxtcModified version 1.05 suffers from cross site scripting vulnerabilities.
23dfcf7948ec24b6566f99e0520a0a538616b45a0ebc5ecc27b42b4d1f097a59HP Security Bulletin HPSBPI02640 SSRT100410 - A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could cause authentication to be disabled for managed devices. This could allow access to the devices from the Digital Sending Software without authentication. Revision 1 of this advisory.
5746bedad7571c5a36e7f28a7454d2f489bee5962b6c4e1ed63a7d158a676d39iDefense Security Advisory 03.01.11 - Remote exploitation of a heap memory corruption vulnerability in Apple Inc.'s CoreGraphics library could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs during the processing of an embedded International Color Consortium (ICC) profile within a JPEG image. A small block of heap memory may be allocated for processing certain profile data. An index value is used to reference locations within this heap block. The index value can be manipulated in a manner that results in multiple memory writes to locations outside the bounds of the heap allocated block. This condition may lead to arbitrary code execution.
4e6d4aaf9f71ed1c8a1178ef8f377208f6f46c21421673d0d8e75e0af039ce4aDebian Linux Security Advisory 2180-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. Roberto Suggi Liverani discovered that the sanitizing performed by ParanoidFragmentSink was incomplete. Zach Hoffmann discovered that incorrect parsing of recursive eval() calls could lead to attackers forcing acceptance of a confirmation dialogue. Crashes in the layout engine may lead to the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. Various other issues have also been addressed.
54f9e96aaceb4666fbde87ab89afa2d7d4a85564efa06a363d3fde81e8d299c0Ubuntu Security Notice 1050-1 - Multiple vulnerabilities have been addressed in the thunderbird package. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privileges. Jordi Chancel discovered a buffer overflow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program.
8836e577ee50f8d9c44c673cd6c2023b5e0e25863e404007a67ab72883b61ce8Ubuntu Security Notice 1049-1 - Multiple vulnerabilities have been addressed in the firefox and xulrunner packages. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. Zach Hoffman discovered that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. It was discovered that memory was used after being freed in a method used by JSON.stringify. Christian Holler discovered multiple buffer overflows in the JavaScript engine. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. Various other issues have also been addressed.
11df6da5cbb40528cbeafb93b5bdd7aa9e44b8fac9ccabdb424704d5222d3bd2This is a basic TCP SYN scanner that is multi-threaded.
7ec41f9e7140b20deaff3b8f9290a371a5bfddcd4bf07837103b1ec7fd7f13c6Zero Day Initiative Advisory 11-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within js3250.dll. In the JSON.stringify() call chain js_HasOwnProperty() is called with an invalid pointer. The pointer becomes invalid due to being unrooted and garbage collection occurring. Dereferencing of this pointer allows a remote attacker to execute arbitrary code in the context of the user running the browser.
c15afb4e793f40a302ba89dc854e103efcea0467cf546b6e5f6afec330beeb7bZero Day Initiative Advisory 11-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Postgres Plus Advanced Server DBA Management Server. Authentication is not required to exploit this vulnerability. The flaw exists within the DBA Management Server component which listens by default on TCP ports 9000 and 9363. When handling client authentication the server does not properly enforce restrictions on accessing the jmx-console or web-console directly. These consoles allow arbitrary instantiation of classes. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the server.
7f4beb3fcd56f2371370c3adbb9dd3957c4900477c1a532e05e7e6b77eab2795Ubuntu Security Notice 1083-1 - Multiple vulnerabilities have been discovered and addressed in the Linux 2.6 kernel. Al Viro discovered a race condition in the TTY driver. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. Suresh Jayaraman discovered that CIFS did not correctly validate certain response packats. Many other issues have also been addressed.
54cb1f4aa7b55d1d5bede6d79988ac926e5fd1c698bb4ab072e98146004d10c9Tickling CGI Problems is a whitepaper that focuses on the security of Tcl CGI scripts.
1298ddc346dcf21a262702c2826861718c460a4dec46483f991250a955c817bbThe BruCON 2011 Call For Papers has been officially announced. It will be held in Brussels, Belgium from September 19th through the 20th, 2011.
abd7a7346472a70776ade9191fe7d39a130dde5cad99316c5df52a3967b7db9dZero Day Initiative Advisory 11-101 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's iPhone Webkit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the library implements the .sort function for an array. The library will trust the implementation of a particular method which when executed can be used to manipulate elements out from underneath it. This can lead to code execution under the context of the application.
1a550e64275a99a97c2cd144a19e10ae76d63bdb28cca95691cb8df9e59bde23Zero Day Initiative Advisory 11-100 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted HTML file. When parsing a particular element that also defines the namespace of the document, the library will call a dangling pointer which is consistent but unmapped. Due to this being unmapped, if an attacker can get code loaded at that address this can can lead to code execution under the context of the application.
afcf6790ad3bd7262a4157a6a7ba168b143bcaec19cda2c84fe69cc919215e92Zero Day Initiative Advisory 11-099 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application handles floating blocks in certain situations. When performing layout operations for a floating block produced by a pseudo-element, the application will attempt to access glyph data that hasn't been fully assigned into the glyph data hashmap. Due to this type being incomplete, this can lead to code execution under the context of the application.
0bc533335809df4a9517760a808b2d7ea9a75bb5c2e383c1786a4c266efe8f50Moscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).
72561acd14c84ecec909167d27343a8b27a65938523aafc053e663e0b06674feTIOD version 1.3.3 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
9296e3e7ffb834fdf597c0ac26dd65c9120722a5d5bdfe1d8db1b47c743ad7e5Ubuntu Security Notice 1080-2 - USN-1080-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding updates for the Linux kernel for use with EC2. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Various other issues were also addressed.
107de034a7af2d41a45827953ec1ce82649b41382c00f917b580abc858073a6cZero Day Initiative Advisory 11-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the WebKit library implements the requirements required for a Runin box as outlined in the Visual Formatting Model listed in the CSS 2.1 Specification. When promoting a run-in element the application will incorrectly free one of the child elements of the run-in. Later, when attempting to do layout for this element, the application will access the freed element due to the dangling reference. This can lead to code execution under the context of the application.
1698af44607c7e983359480213fa0b9431e447fc69439b19fa18d46c008e671dZero Day Initiative Advisory 11-097 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setOuterText method of the Webkit htmlelement library. Due to a failure to properly track DOM manipulations made within the browser, it is possible to make use of a previously freed pointer and facilitate remote code execution under the context of the user running the browser process.
6498aec47d82b6262e05c5e59ae1b4032f99ce53770485187e4a4a247a6d622c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed