Red Hat Security Advisory 2014-0089-01 - The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that the ec2token API in keystone, which is used to generate EC2-style credentials, could generate a token not scoped to a particular trust when creating a token from a received trust-scoped token. A remote attacker could use this flaw to retrieve a token that elevated their privileges to all of the trustor's roles. Note that only OpenStack Identity setups that have EC2-style authentication enabled were affected.
c50959b9d41dd39d2fd6d966353e83b422fa7a6cf1c6c8fd1c7e4f807fe7ade4Red Hat Security Advisory 2014-0091-01 - The openstack-neutron packages provide Openstack Networking, the virtual network service. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.
7a6024a5034a169ceae9763c64a8c54d3106efa99634fc821770cf61e9d34f55Red Hat Security Advisory 2014-0090-01 - The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could use the CreateStack or UpdateStack methods to create or update a stack, resulting in a violation of the API policy. Note that only setups using Orchestration's cloudformation-compatible API were affected. A flaw was found in the way Orchestration's REST API implementation handled modified request paths. An authenticated remote user could use this flaw to bypass the tenant-scoping restriction by modifying the request path, resulting in privilege escalation. Note that only setups using Orchestration's cloudformation-compatible API were affected.
4eef99862e59c551295d7917e5c785068040a4c30d7833175e952cee56708be2Mandriva Linux Security Advisory 2014-019 - When verifying SSL certificates, elinks fails to warn the user if the hostname of the certificate does not match the hostname of the website. The elinks package has been updated to version 0.12-pre6 and patched to fix this issue.
95452e7d3693c1c3c86c03e26fa8950b3f943e92aac0d719122e1810e61471dcMandriva Linux Security Advisory 2014-018 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
479e81439c0d26b024653339e67bcc26a11f63393821e9cf087d17a41abac8faMandriva Linux Security Advisory 2014-017 - Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. This update also fixes two other minor issues: IPADDRESS size in python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable.
eb476709985a25b1ea4c65839954fca812a6aae0097cf8170adb45d45e7329acMandriva Linux Security Advisory 2014-016 - A stack-based buffer overflow flaw was found in the way the reds_handle_ticket() function in the spice-server library handled decryption of ticket data provided by the client. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
60b532f68791dc2bf52f112aef543df19722dfa602956cbcf011687f01d6a4e4Mandriva Linux Security Advisory 2014-015 - Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.
c44b363f15f84b64f144f627526dde5cb5a1d7a345a73f145f5638ee62d1d767A special crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.
65c2ed19eba0758f8c760b12d4765618e61203e44d05a5145cb0d2a79e35d225Multiple modern browsers have failed to mitigate a cross site scripting scenario leveraging the srcdoc attribute of an IFRAME tag.
ecb1de8034a9a2065500be16c12903e53f7becc90f5fc45baf13132b1914b434T-Mobile HOME NET Router LTE / Huawei B593u-12 version V100R001C54SP063 suffers from cross site request forgery, information disclosure, command injection, and directory traversal vulnerabilities.
5ecc71b535700461b5eb90e9396b789a771cb54638c84b968532e6e4e659d99eThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
98d300089ef30f1e701fbbb74de72ab40d5d30e4e2a3f8352b8f3b45b2f77ff5NCH Software Express Burn Plus version 4.68 suffers from an EBP project file handling buffer overflow vulnerability.
f3faa2625935e2f4e9b885ea0654295bf010125e8765622056a10aaedc1302d1DaumGame active-x control versions 1.1.0.5 and 1.1.0.4 suffer from a buffer overflow vulnerability. Proof of concept code included.
700de7f082a11cf764630d887c017c3cbc2790e1de57e8121f8094354020695eGentoo Linux Security Advisory 201401-21 - Multiple vulnerabilities have been found in Poppler, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.24.5 are affected.
4538dde98f8c92351e219322d8718e56257b5b9b40521930dd6b7eb79de8556eGentoo Linux Security Advisory 201401-20 - Multiple vulnerabilities have been found in Cacti, allowing attackers to execute arbitrary code or perform XSS attacks. Versions less than 0.8.8b are affected.
60e499dc878470aef030b4e84ae80fe629bbd4de79b08c73333effba0110f1fdGentoo Linux Security Advisory 201401-19 - A buffer overflow error in GMime might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.4.15 are affected.
7015ce34ec32841e3f2fb8df1c2fc061eaa55e1b2f1bde5478bf50c79f8b453bMandriva Linux Security Advisory 2014-014 - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted certificate that is not properly handled by the openssl_x509_parse function. The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service via a crafted interval specification. The updated php packages have been upgraded to the 5.5.8 version which is not vulnerable to these issues. Additionally, the PECL packages which requires so has been rebuilt for php-5.5.8 and some has been upgraded to their latest versions.
8cf7940a193c870dfe4a5421f1538695dff4660b76dc24b692930776885f8223Red Hat Security Advisory 2014-0038-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager. A flaw was found in the way Red Hat Enterprise Virtualization Manager relayed SPICE connection information to remote-viewer when a native SPICE client invocation method was used. As a result, remote-viewer attempted an insecure connection first and only switched to a secure connection when requested by the SPICE server. An attacker able to intercept the SPICE connection could use this flaw to conduct man-in-the-middle attacks.
5df079ba6e849babda647aa9e89fe5a31f17c77cebc3fcbbac4b809f9baf9f42Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.
b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368fGentoo Linux Security Advisory 201401-25 - A heap-based buffer overflow in ldns might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.6.11 are affected.
59fbdc141d2fc66746573e6bfe90b16f20bbdd0ab366687f32bbdce7c4be86abGentoo Linux Security Advisory 201401-24 - A vulnerability in INN's STARTTLS implementation could allow a remote attacker to conduct a man-in-the-middle attack. Versions less than 2.5.3 are affected.
f6f048502cf3f99429097f71c3ea6443f38b357d2d436eaad1d83f308bc1e98aGentoo Linux Security Advisory 201401-23 - Multiple vulnerabilities have been found in sudo which could result in privilege escalation. Versions less than 1.8.6_p7 are affected.
dda81040cd1424b5d756e10f8887535266792aeb424207b4e2da032de4b6d974Gentoo Linux Security Advisory 201401-22 - A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Versions less than 2.3.14-r1 are affected.
5ae7b184f2b9a809ef440c33b3aec3891a6294f8e5e3b68863ece85918e7b2a7America Online (AOL) suffers from cross site scripting and remote file inclusion vulnerabilities.
8a613994798545bcea472db93af4ceb0b66319269963bcb88f660250d728a92b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed