Red Hat Security Advisory 2013-0830-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges.
e1ba7d97c796e3728e54bbe5dc6f6585c52bd5bbc310c337a723147e6569a753
Call For Papers for the No cON Name 2013 conference. It will be held in Barcelona, Spain, from November 1st through the 2nd, 2013.
f2ed55ac7f40b715e2b64d348fd0e038de9ac3ad20e4a1d2268cbb3bb8b5c757
This whitepaper discusses the security of Apple iOS with particular focus on its usage in the workplace.
2fb5854499fe79eb23aa158b159d2436c11cb67f5adf2372588353dbbffed11d
Ubuntu Security Notice 1829-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
30065b53ddbc5e3d5f60eb0248680ae22ae7dea007129944316fa5c56d25a3b9
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
7a1e617d18c6f22fa5f90a3098add6003baa0af42b8affb67d6bd5048a7dc3ca
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
84aa8f94c67d69fe136235bcfb4c4057feb9a3ffaed64cd80ce46e1e19c964eb
Debian Linux Security Advisory 2669-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
bcfe3afbb4182656ff4cebf2d30b08f1bd994ad473bc4830c1ed33aa786d930e
This document is not intended to be a definitive guide, but more of a review of specific security issues resulting from the use of HTML 5.
e3b7da92b117e655d18a4b2e648cd4ef9db4d3e700ec2c3b40f6234edae3ba09
This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. In order to exploit the vulnerability a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.
01d6456aa6f66c843f950a3e95e6b90c8d0c5ec0cde800f6939a9ede83195de8
Cisco Security Advisory - Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
d3e0d64b63c54ba0469aee4fa42dcf5ff5e60f7199f5afeb129bba00e9374e17
Red Hat Security Advisory 2013-0827-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain public RSA keys of itself and its peers. A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker-controlled domain containing malicious records could cause Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary code with root privileges. With "oe=yes" but no RSA key configured, the issue can only be triggered by attackers on the local network who can control the reverse DNS entry of the target system. Opportunistic Encryption is disabled by default.
12cb976f5b69697a894c31503bb551690955b213858c4fa51b009f265a8d5326
Technical Cyber Security Alert 2013-134A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
7714de8bb2671df1b661588d6aa17bc3ff066a21e79b5bb65dcefbf463b2b1e0
Drupal Google Authenticator Login versions 6.x and 7.x suffer from a couple of access bypass vulnerabilities.
4fd844692eef3b5dbeab476ca9dc4f7e5099320e7f716570b6a7e73f12930035
Mandriva Linux Security Advisory 2013-165 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting attacks. Various other issues have also been addressed.
6813ee081c57ba799f2853ae698c47af47848d549fc213a9c911e753605181ee
Ubuntu Security Notice 1828-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
fd37035618e80606f4668e9c073a2afa7344c987b9afdf487036c675526a79ba
Red Hat Security Advisory 2013-0826-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes multiple security flaws in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
3abd73f01e78888390ff9f7748d746e37f079e3b4cd03d89b9ea8f7acdd4d1b1
This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell.
4e828bd76fd9d92b7193f91ff6cdf47c21ab888c351730fc0b672b1bdfa5d5fb
Ubuntu Security Notice 1827-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
d084c927d37fa7856a86a1c67d0cb08ce49025ed4b65ba08c08ee16befb718f3
Ubuntu Security Notice 1826-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
48f6afef383991ac79f1dbdacf15e1d7e2ad5d5db8a458e6f8e361b6505c3ccb
Ubuntu Security Notice 1825-1 - An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.
f288e8151e0a1203f7ac5f4deed6ee57292f26d67ab3ed7e7e441bc75e05c650
Debian Linux Security Advisory 2668-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
f66b5875b109e5f665558463b3f9c59ae0cb8985c108bda014534f43c51d2b5f
HP Security Bulletin HPSBUX02859 SSRT101144 3 - A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 3 of this advisory.
97b32abdd8e39e1e5b9feabde6030395b429177c1152753dcdf6fc4a860b318b
Ubuntu Security Notice 1824-1 - Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered a flaw in xfrm_user in the Linux kernel. A local attacker with NET_ADMIN capability could potentially exploit this flaw to escalate privileges. A buffer overflow was discovered in the Linux Kernel's USB subsystem for devices reporting the cdc-wdm class. A specially crafted USB device when plugged-in could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
61cfd0da9e862caf667f2f7231d0b4d0ff7b68b7c6ba016808af14830d2d8422
Red Hat Security Advisory 2013-0825-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.
01dec1cb5d084648b494fcf4bf54146c495a5122490837b9ad92a8a177d8b1ea
Exponent CMS version 2.2.0 beta 3 suffers from local file inclusion and remote SQL injection vulnerabilities.
c66432c06b6aeb8a14da0a5432997dffbde3bde7c22f8d34fad4191d2231131f